How severe is CVE-2024-34704?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-34704?

This is classified as CWE-682, which is a common weakness in software security.

CVE-2024-34704 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1.

Related Vulnerabilities

CVE-2011-1573

MEDIUM

CVSS:5.9(Medium)

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT an...

CWE-6822011

CVE-2017-8932

MEDIUM

CVSS:5.9(Medium)

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input poi...

CWE-6822017

CVE-2024-45056

MEDIUM

CVSS:5.9(Medium)

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits nu...

CWE-6822024

CVE-2022-31104

MEDIUM

CVSS:5.6(Medium)

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings...

CWE-6822022

CVE-2016-9377

MEDIUM

CVSS:5.5(Medium)

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cras...

CWE-6822016

CVE-2019-20051

MEDIUM

CVSS:5.5(Medium)

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

CWE-6822019