cvedb.io
CVE-2023-30629
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-04-24T22:15:10.030 · Last modified 2026-06-17T05:55:11.670

Summary

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.

Affected products

vyperlang — vyper

Does this affect you?

Add your gear to cvedb and we'll alert you only when vyperlang ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.