CVE-2025-54070: Out-of-bounds Read in Contracts

CWE-125: Out-of-bounds Read (3 documents, 3 sources)
Severity: 6.9 MEDIUM (NVD)
EPSS: 0.1% (top 78.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 17

Description

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when the following two conditions hold: 1) the provided buffer is empty (i.e. `buffer.length == 0`), and 2) the position is not `2**256 - 1` (i.e. `pos != type(uint256).max`). The `pos` argument could then be used to access arbitrary data outside of the buffer bounds. Th
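A simplified reconstruction of the failure mode described above, added here as an illustration and not OpenZeppelin's own code: the vulnerable form computes `length - 1` under `unchecked`, so an empty buffer wraps the clamp bound to `2**256 - 1` and the loop starts at `pos` instead of at zero; the hardened form returns early on an empty buffer. The library name, the `NOT_FOUND` sentinel and the `_readByte` helper are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative library (not OpenZeppelin's Bytes.sol) showing the CVE-2025-54070 condition.
library BytesIllustration {
    // Assumed "not found" sentinel for this example.
    uint256 private constant NOT_FOUND = type(uint256).max;

    /// Reads one byte of `buffer` at `offset` with no bounds check, as a low-level helper would.
    function _readByte(bytes memory buffer, uint256 offset) private pure returns (bytes1 b) {
        assembly {
            b := mload(add(add(buffer, 0x20), offset))
        }
    }

    /// Vulnerable pattern. With buffer.length == 0, `length - 1` wraps to 2**256 - 1 inside
    /// `unchecked`, so `start` becomes `pos + 1` and the loop reads memory past the empty buffer.
    /// Only pos == type(uint256).max escapes: `pos + 1` then wraps to 0 and the body never runs.
    function lastIndexOfVulnerable(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
        unchecked {
            uint256 length = buffer.length;
            uint256 start = (pos < length - 1 ? pos : length - 1) + 1;
            for (uint256 i = start; i > 0; --i) {
                if (_readByte(buffer, i - 1) == s) return i - 1;
            }
            return NOT_FOUND;
        }
    }

    /// Hardened form: reject the empty buffer before any arithmetic on `length - 1`,
    /// so the clamp always yields an index inside the buffer.
    function lastIndexOfFixed(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
        uint256 length = buffer.length;
        if (length == 0) return NOT_FOUND;
        unchecked {
            uint256 start = (pos < length - 1 ? pos : length - 1) + 1;
            for (uint256 i = start; i > 0; --i) {
                if (_readByte(buffer, i - 1) == s) return i - 1;
            }
        }
        return NOT_FOUND;
    }
}
```

Calling `lastIndexOfVulnerable("", 0x41, 1000)` walks 1001 bytes of memory that do not belong to the buffer, while `lastIndexOfFixed` returns the sentinel immediately.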

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (3 packages)

npm | openzeppelin/contracts | >= 5.2.0, < 5.4.0
CVEListV5 | openzeppelin/openzeppelin-contracts | >= 5.2.0, < 5.4.0

Vulnerability Details (2)

OSV: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers (2025-07-17)
GHSA: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers (2025-07-17)