Home > Vulnerability Database > CVE-2024-27094

Mend.io Vulnerability Database

CVE-2024-27094

Good to know:

Date: February 29, 2024

OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.

Language: JS

Severity Score

6.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27094

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967

Url: https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854

Url: https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6

Url: https://www.mend.io/vulnerability-database/CVE-2024-27094

Severity Score

6.5

Top Fix

Upgrade Version

Upgrade to version @openzeppelin/contracts - 4.9.6,5.0.2, @openzeppelin/contracts-upgradeable - 4.9.6,5.0.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27094

Good to know:

Date: February 29, 2024

Language: JS

Severity Score

Related Resources (7)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?