Lucene search
K

12 matches found

Snyk
Snyk
added 2025/10/30 5:10 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/10/30 5:10 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7CVSS7AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2485

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00844EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/31 8:37 p.m.23 views

Gnark out-of-memory during deserialization with crafted inputs

Thanks @pventuzelo for reporting. From the correspondence: Hi, We Fuzzinglabs & Lambdaclass found that during deserialization of certain files representing a VerifyingKey, an excessive memory allocation is happening consuming a lot of resources and even triggering a crash with the error fatal...

5.5CVSS7.2AI score0.00324EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2024/09/09 1:48 p.m.11 views

Sensitive Information Exposure

github.com/consensys/gnark is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the same σ being used for all proofs of knowledge for commitments, allowing mixing between them. This makes it possible to fix the value of all but one commitment before selecting the circui...

6.2CVSS6.6AI score0.0019EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/02/06 7:9 a.m.12 views

Improper Input Validation

github.com/consensys/gnark is vulnerable to Improper Input Validation. The vulnerability is due to a lack of width validation in the range checker gadget. The Range checker allows inputs to be up to 16 bits wider than checked...

6.9AI score
Exploits0
Veracode
Veracode
added 2023/10/06 9:52 a.m.15 views

Integer Overflow

github.com/consensys/gnark is vulnerable to Integer Overflow. The vulnerability is due to some in-circuit values having two valid decomposition bits, which could result in unintended behavior...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/28 6:30 a.m.28 views

Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references. Original Description Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and...

9.8CVSS8.2AI score0.00844EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2023/09/28 4:15 a.m.22 views

CVE-2023-44273

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...

9.8CVSS9.4AI score0.00844EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/28 12:0 a.m.6 views

gnark-crypto Code Issue Vulnerability

gnark-crypto is an open source library from Consensys. Provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. A code issue vulnerability exists in Consensys gnark-crypto 0.11.2 and earlier versions, which stems from the presence of a deserialization vulnerabili...

9.8CVSS7.1AI score0.00844EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/09/28 12:0 a.m.11 views

CVE-2023-44273

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...

6.7AI score0.00844EPSS
Exploits0References3
CVE
CVE
added 2023/09/28 12:0 a.m.63 views

CVE-2023-44273

CVE-2023-44273 (gnark-crypto) affects github.com/consensys/gnark-crypto up to v0.11.2. During ECDSA/EdDSA signature deserialization, the library does not enforce that values lie in the range [1, n−1], enabling signature malleability and potential DoS. The issue has been fixed in v0.12.0 (PR #449)...

9.8CVSS9.3AI score0.00844EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder