How severe is CVE-2023-39363?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-39363?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-39363 - CRITICAL Severity | CVSS 5.9

Vulnerability Description

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.

Related Vulnerabilities

CVE-2019-25017

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, th...

CWE-8632019

CVE-2021-27195

MEDIUM

CVSS:5.9(Medium)

Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.

CWE-8632021

CVE-2023-31141

MEDIUM

CVSS:5.9(Medium)

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access con...

CWE-8632023

CVE-2023-46753

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

CWE-8632023

CVE-2024-34701

MEDIUM

CVSS:5.9(Medium)

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki i...

CWE-8632024

CVE-2018-15468

MEDIUM

CVSS:6.0(Medium)

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtual...

CWE-8632018