OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| @openzeppelin/contracts(npm) | 4.5.0 | 4.9.6 | N/A |
| @openzeppelin/contracts-upgradeable(npm) | 5.0.0-rc.0 | 5.0.2 | N/A |
| @openzeppelin/contracts(npm) | 5.0.0-rc.0 | 5.0.2 | N/A |
| @openzeppelin/contracts-upgradeable(npm) | 4.5.0 | 4.9.6 | N/A |
CVSS Metrics
