High severity7.5NVD Advisory· Published May 11, 2023· Updated Jun 17, 2026
CVE-2023-32059
CVE-2023-32059
Description
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vyperPyPI | < 0.3.8 | 0.3.8 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822acnvdPatchWEB
- github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39gnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-ph9x-4vc9-m39gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32059ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-79.yamlghsaWEB
News mentions
0No linked articles in our index yet.