CVE-2021-41121

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
vyperlangvyper
𝑥
< 0.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/vyperlang/vyper/pull/2447
https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv
https://github.com/vyperlang/vyper/pull/2447
https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv