How severe is CVE-2023-46232?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-46232?

This is classified as CWE-471, which is a common weakness in software security.

CVE-2023-46232

MEDIUM Year: 2023

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-471

View all →

Vulnerability Description

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word’s index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue.

CVE-2021-24046

MEDIUM

CVSS:5.3(Medium)

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device ...

CWE-4712021

CVE-2024-45672

MEDIUM

CVSS:6.0(Medium)

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.

CWE-4712024

CVE-2020-26268

MEDIUM

CVSS:4.4(Medium)

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is...

CWE-4712020

CVE-2021-37193

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameter...

CWE-4712021

CVE-2021-42701

MEDIUM

CVSS:6.3(Medium)

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain ...

CWE-4712021

CVE-2022-1561

MEDIUM

CVSS:4.3(Medium)

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe...

CWE-4712022

CVE-2023-46232

Vulnerability Description

Related Vulnerabilities

CVE-2021-24046

CVE-2024-45672

CVE-2020-26268

CVE-2021-37193

CVE-2021-42701

CVE-2022-1561