34 matches found
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
PT-2025-26784 · Risc Zero +1 · Risc Zero +1
Name of the Vulnerable Software and Affected Versions: RISC Zero versions prior to 2.1.1 and 2.2.0 Description: The issue concerns the Steel.validateCommitment Solidity library function, which returns true for a crafted commitment with a digest value of zero. This violates the function's semantic...
RISC Zero Ethereum 安全漏洞
RISC Zero Ethereum is a computing platform open-sourced by RISC Zero. A security vulnerability exists in RISC Zero Ethereum versions prior to 2.1.1 and 2.2.0, which stems from the Steel.validateCommitment function returning true for a commitment with a summary value of zero, which could lead to a...
CVE-2025-52484
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
CVE-2025-52484
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
CVE-2025-52484
The CVE concerns risc0-zkvm prior to version 2.1.0. A missing constraint in the rv32im circuit allows a malicious prover to exploit any 3-register RISC-V instruction (e.g., remu, divu) by making rs1 appear equal to rs2, potentially compromising zkVM computations. Affected releases: risc0-zkvm 2.0...
CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
PT-2025-26449 · Risc Zero · Risc0-Zkvm
Name of the Vulnerable Software and Affected Versions: risc0-zkvm versions 2.0.0 through 2.0.2 Description: The issue is due to a missing constraint in the rv32im circuit, allowing a malicious prover to attack any 3-register RISC-V instruction, including remu and divu, by confusing the RISC-V...
GHSA-5XGJ-PMJJ-GW49 RISC Zero zkVM notes on zero-knowledge
RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...
RISC Zero zkVM notes on zero-knowledge
RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...
PT-2024-40107 · Risc Zero · Risc Zero Zkvm
Name of the Vulnerable Software and Affected Versions: RISC Zero zkVM affected versions not specified Description: The RISC Zero zkVM does not meet the requirements to assert the specific property of zero knowledge provably, according to new research by Ulrich Habock and Al Kindi. This issue...