How severe is CVE-2024-24559?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-24559?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2024-24559 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.

Related Vulnerabilities

CVE-2018-18587

MEDIUM

CVSS:5.3(Medium)

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.

CWE-3272018

CVE-2018-1996

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obt...

CWE-3272018

CVE-2019-4325

MEDIUM

CVSS:5.3(Medium)

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

CWE-3272019

CVE-2019-5135

MEDIUM

CVSS:5.3(Medium)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes u...

CWE-3272019

CVE-2019-9836

MEDIUM

CVSS:5.3(Medium)

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic impl...

CWE-3272019

CVE-2020-1596

MEDIUM

CVSS:5.3(Medium)

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise ...

CWE-3272020