Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1907

Malicious code in bioql PyPI...

5.9CVSS5.9AI score0.00371EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.3 views

Authenticated Private Set Intersection: a Merkle Tree-Based Approach for Enhancing Data Integrity

Private Set Intersection PSI enables secure computation of set intersections while preserving participant privacy, standard PSI existing protocols remain vulnerable to data integrity attacks allowing malicious participants to extract additional intersection information or mislead other parties. I...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/18 12:0 a.m.4 views

Towards Stateless Clients in Ethereum: Benchmarking Verkle Trees and Binary Merkle Trees with SNARKs

Ethereum, the leading platform for decentralized applications, faces challenges in maintaining decentralization due to the significant hardware requirements for validators to store Ethereum's entire state. To address this, the concept of stateless clients is under exploration, enabling validators...

7AI score
Exploits0
Prion
Prion
added 2023/06/16 11:15 p.m.19 views

Code injection

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...

2.6CVSS5.6AI score0.00371EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2023/06/16 10:13 p.m.26 views

CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2023/06/16 10:13 p.m.34 views

CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...

5.3CVSS5.7AI score0.00371EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.10 views

High gas consumption vulnerability due to high merkle tree heights

Lines of code Vulnerability details Impact The issue stems from the utilization of tall trees in numerous merkle trees within the BeaconChainProofs library. This could lead to considerable gas consumption during the creation and verification of such trees. The consequence of this vulnerability is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.9 views

Split vulnerable to preimage attack

Lines of code Vulnerability details Impact A motivated attacker could invest the resources to craft a malicious SplitsReceiver to steal all of a users' pending funds. Proof of Concept This is a non-practical implementation of the attack, but shows by extending the SplitsReceiver array by any numb...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.13 views

Multiple vestings for the same user will fail

Lines of code Vulnerability details Impact Loss of funds from multiple vestings for a single user Proof of Concept In MerkleVesting and MerkleResistor vestings are distributed using merkle trees. Creators of the vesting submit the Merkle root of the tree and deposit the funds to be distributed. A...

6.7AI score
Exploits0
Rows per page
Query Builder