12 matches found
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
EUVD-2023-2485
Malicious code in bioql PyPI...
Gnark out-of-memory during deserialization with crafted inputs
Thanks @pventuzelo for reporting. From the correspondence: Hi, We Fuzzinglabs & Lambdaclass found that during deserialization of certain files representing a VerifyingKey, an excessive memory allocation is happening consuming a lot of resources and even triggering a crash with the error fatal...
Sensitive Information Exposure
github.com/consensys/gnark is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the same σ being used for all proofs of knowledge for commitments, allowing mixing between them. This makes it possible to fix the value of all but one commitment before selecting the circui...
Improper Input Validation
github.com/consensys/gnark is vulnerable to Improper Input Validation. The vulnerability is due to a lack of width validation in the range checker gadget. The Range checker allows inputs to be up to 16 bits wider than checked...
Integer Overflow
github.com/consensys/gnark is vulnerable to Integer Overflow. The vulnerability is due to some in-circuit values having two valid decomposition bits, which could result in unintended behavior...
Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references. Original Description Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and...
CVE-2023-44273
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...
gnark-crypto Code Issue Vulnerability
gnark-crypto is an open source library from Consensys. Provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. A code issue vulnerability exists in Consensys gnark-crypto 0.11.2 and earlier versions, which stems from the presence of a deserialization vulnerabili...
CVE-2023-44273
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...
CVE-2023-44273
CVE-2023-44273 (gnark-crypto) affects github.com/consensys/gnark-crypto up to v0.11.2. During ECDSA/EdDSA signature deserialization, the library does not enforce that values lie in the range [1, n−1], enabling signature malleability and potential DoS. The issue has been fixed in v0.12.0 (PR #449)...