Home > Vulnerability Database > CVE-2023-26488

Mend.io Vulnerability Database

CVE-2023-26488

Good to know:

Date: March 3, 2023

OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.

Language: JS

Severity Score

6.5

Related Resources (5)

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/commit/167bf67ed3907f4a674043496019fa346cee7705

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.8.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-26488

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-878m-3g6q-594q

Url: https://www.mend.io/vulnerability-database/CVE-2023-26488

Severity Score

6.5

Weakness Type (CWE)

Incorrect Calculation

CWE-682

Top Fix

Upgrade Version

Upgrade to version @openzeppelin/contracts - 4.8.2, @openzeppelin/contracts-upgradeable - 4.8.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-26488

Good to know:

Date: March 3, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?