MEDIUM

GHSA-22wc-c9wj-6q2v

VVE-2021-0001: Memory corruption using function calls within arrays

Details

### Impact When performing a function call inside an array, there is a memory corruption issue that occurs because of an incorrect pointer to the the tip of the stack.

### Patches This issue was partially fixed in [VVE-2020-0004](https://github.com/vyperlang/vyper/security/advisories/GHSA-2r3x-4mrv-mcxf), however the fix did not update similar code for arrays, which had a similar issue. The issue is fully fixed in https://github.com/vyperlang/vyper/pull/2345

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / vyper

Introduced in: 0 Fixed in: 0.2.12

Fix pip install --upgrade 'vyper>=0.2.12'

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-22wc-c9wj-6q2v [WEB]
https://github.com/vyperlang/vyper/pull/2345 [WEB]
https://github.com/vyperlang/vyper/commit/11b7b5b7e59bc9dc859d51cd41a924b59fe47c9e [WEB]
https://pypi.org/project/vyper [WEB]