CVE-2024-34704
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !(x cc y) into (x !cc y). To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| matter-labs | era-compiler-solidity | >= 1.2.0, <= 1.4.0 | affected |
Weaknesses
- CWE-682: CWE-682: Incorrect Calculation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.