How severe is CVE-2022-24787?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-24787?

This is classified as CWE-697, which is a common weakness in software security.

CVE-2022-24787 - HIGH Severity | CVSS 7.5

Vulnerability Description

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.

Related Vulnerabilities

CVE-2005-2801

HIGH

CVSS:7.5(High)

xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.

CWE-6972005

CVE-2016-10003

HIGH

CVSS:7.5(High)

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as b...

CWE-6972016

CVE-2020-15130

HIGH

CVSS:7.5(High)

In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or oppor...

CWE-6972020

CVE-2020-15131

HIGH

CVSS:7.5(High)

In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wa...

CWE-6972020

CVE-2020-22784

HIGH

CVSS:7.5(High)

In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing acces...

CWE-6972020

CVE-2020-23478

HIGH

CVSS:7.5(High)

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

CWE-6972020