CVE-2021-41121

low-risk

Published 2021-10-06

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.

Do I need to act?

0.42% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (1)

Vyper

Affected Vendors

Vyperlang

References (4)

Patch https://github.com/vyperlang/vyper/pull/2447

Third Party Advisory https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv

Patch https://github.com/vyperlang/vyper/pull/2447

Third Party Advisory https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv

/ 100

low-risk

Severity 22/34 · High

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal