{"id":"PYSEC-2022-198","details":"Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `\u003ciface\u003e.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `\u003ciface\u003e.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.","aliases":["CVE-2022-24845","GHSA-j2x6-9323-fp7h"],"modified":"2023-11-08T04:08:38.494818Z","published":"2022-04-13T22:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h"},{"type":"FIX","url":"https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b"}],"affected":[{"package":{"name":"vyper","ecosystem":"PyPI","purl":"pkg:pypi/vyper"},"ranges":[{"type":"GIT","repo":"https://github.com/vyperlang/vyper","events":[{"introduced":"0"},{"fixed":"049dbdc647b2ce838fae7c188e6bb09cf16e470b"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.2"}]}],"versions":["0.1.0b1","0.1.0b10","0.1.0b11","0.1.0b12","0.1.0b13","0.1.0b14","0.1.0b15","0.1.0b16","0.1.0b17","0.1.0b2","0.1.0b3","0.1.0b4","0.1.0b5","0.1.0b6","0.1.0b7","0.1.0b8","0.1.0b9","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.14","0.2.15","0.2.16","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vyper/PYSEC-2022-198.yaml"}}],"schema_version":"1.7.3"}