Lucene search
K

34 matches found

Cvelist
Cvelist
added 2025/06/24 8:20 p.m.11 views

CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment

RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...

6.3CVSS0.00349EPSS
Exploits0References7
OSV
OSV
added 2025/06/24 8:20 p.m.5 views

CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment

RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...

6.3CVSS6.5AI score0.00349EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.5 views

PT-2025-26784 · Risc Zero +1 · Risc Zero +1

Name of the Vulnerable Software and Affected Versions: RISC Zero versions prior to 2.1.1 and 2.2.0 Description: The issue concerns the Steel.validateCommitment Solidity library function, which returns true for a crafted commitment with a digest value of zero. This violates the function's semantic...

6.3CVSS6.2AI score0.00349EPSS
Exploits0References15
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

RISC Zero Ethereum 安全漏洞

RISC Zero Ethereum is a computing platform open-sourced by RISC Zero. A security vulnerability exists in RISC Zero Ethereum versions prior to 2.1.1 and 2.2.0, which stems from the Steel.validateCommitment function returning true for a commitment with a summary value of zero, which could lead to a...

6.3CVSS6.3AI score0.00349EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.8 views

CVE-2025-52484

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS7.2AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2025/06/20 6:15 p.m.7 views

CVE-2025-52484

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS0.00237EPSS
Exploits0References7
CVE
CVE
added 2025/06/20 5:21 p.m.19 views

CVE-2025-52484

The CVE concerns risc0-zkvm prior to version 2.1.0. A missing constraint in the rv32im circuit allows a malicious prover to exploit any 3-register RISC-V instruction (e.g., remu, divu) by making rs1 appear equal to rs2, potentially compromising zkVM computations. Affected releases: risc0-zkvm 2.0...

6.9CVSS6.6AI score0.00237EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/06/20 5:21 p.m.7 views

CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS7.2AI score0.00237EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/06/20 5:21 p.m.13 views

CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS0.00237EPSS
Exploits0References7
OSV
OSV
added 2025/06/20 5:21 p.m.6 views

CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS6.5AI score0.00237EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.7 views

PT-2025-26449 · Risc Zero · Risc0-Zkvm

Name of the Vulnerable Software and Affected Versions: risc0-zkvm versions 2.0.0 through 2.0.2 Description: The issue is due to a missing constraint in the rv32im circuit, allowing a malicious prover to attack any 3-register RISC-V instruction, including remu and divu, by confusing the RISC-V...

6.9CVSS6.4AI score0.00237EPSS
Exploits0References13
OSV
OSV
added 2024/07/15 6:32 p.m.4 views

GHSA-5XGJ-PMJJ-GW49 RISC Zero zkVM notes on zero-knowledge

RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/07/15 6:32 p.m.9 views

RISC Zero zkVM notes on zero-knowledge

RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...

7AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.4 views

PT-2024-40107 · Risc Zero · Risc Zero Zkvm

Name of the Vulnerable Software and Affected Versions: RISC Zero zkVM affected versions not specified Description: The RISC Zero zkVM does not meet the requirements to assert the specific property of zero knowledge provably, according to new research by Ulrich Habock and Al Kindi. This issue...

6.7AI score
Exploits0References4
Rows per page
Query Builder