CVE-2024-24564 Information

Description

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b start) if the start index provided has for side effect to update b the byte array to extract 32 bytes from it could be that some dirty memory is read and returned by extract32. This vulnerability affects 0.3.10 and earlier versions.

Reference

https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx