CNNVD-202507-2367 Information
Jul 17, 2025
CNNVD ID
CNNVD-202507-2367
Related CVE
- CNNVD Published: 2025-07-17
Description
OpenZeppelin Contracts is an open-source library from OpenZeppelin for secure smart contract development. Versions of OpenZeppelin Contracts before 5.4.0 contain a buffer error vulnerability: the lastIndexOf function may access uninitialized memory, which can lead to an out-of-bounds read.
Hazard Level
High
Vulnerability Type
Buffer error
Affected Vendor
OpenZeppelin
Published
2025-07-17
Last Modified
2026-02-24
References
https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.4.0
https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9rcw-c2f9-2j55
Patch
https://github.com/OpenZeppelin/openzeppelin-contracts/releases