VYPR

crates.io package

soroban-sdk

pkg:cargo/soroban-sdk

Vulnerabilities (2)

  • CVE-2026-32322Mar 12, 2026
    affected >= 25.0.0, < 25.3.0fixed 25.3.0

    soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematica

  • CVE-2026-24889Jan 28, 2026
    affected >= 25.0.0, < 25.0.2fixed 25.0.2

    soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-con