How severe is CVE-2023-37902?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-37902?

This is classified as CWE-252, which is a common weakness in software security.

CVE-2023-37902 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.

Related Vulnerabilities

CVE-2018-14622

MEDIUM

CVSS:5.3(Medium)

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server...

CWE-2522018

CVE-2019-15523

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this func...

CWE-2522019

CVE-2020-4531

MEDIUM

CVSS:5.3(Medium)

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error m...

CWE-2522020

CVE-2021-41041

MEDIUM

CVSS:5.3(Medium)

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified ...

CWE-2522021

CVE-2021-4189

MEDIUM

CVSS:5.3(Medium)

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. T...

CWE-2522021

CVE-2021-42780

MEDIUM

CVSS:5.3(Medium)

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

CWE-2522021