CVE-2025-26622

LOW Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-682
View all →

Vulnerability Description

vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-0819

HIGH
CVSS:7.5(High)

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.

CWE-6822017

CVE-2018-14439

HIGH
CVSS:7.5(High)

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency t...

CWE-6822018

CVE-2018-18225

HIGH
CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

CWE-6822018

CVE-2018-20999

HIGH
CVSS:7.5(High)

An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.

CWE-6822018

CVE-2019-17514

HIGH
CVSS:7.5(High)

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: ...

CWE-6822019

CVE-2020-26240

HIGH
CVSS:7.5(High)

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate P...

CWE-6822020