9 matches found
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
EUVD-2023-2485
Malicious code in bioql PyPI...
Gnark out-of-memory during deserialization with crafted inputs
Thanks @pventuzelo for reporting. From the correspondence: Hi, We Fuzzinglabs & Lambdaclass found that during deserialization of certain files representing a VerifyingKey, an excessive memory allocation is happening consuming a lot of resources and even triggering a crash with the error fatal...
Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references. Original Description Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and...
CVE-2023-44273
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...
CVE-2023-44273
CVE-2023-44273 (gnark-crypto) affects github.com/consensys/gnark-crypto up to v0.11.2. During ECDSA/EdDSA signature deserialization, the library does not enforce that values lie in the range [1, n−1], enabling signature malleability and potential DoS. The issue has been fixed in v0.12.0 (PR #449)...
gnark-crypto Code Issue Vulnerability
gnark-crypto is an open source library from Consensys. Provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. A code issue vulnerability exists in Consensys gnark-crypto 0.11.2 and earlier versions, which stems from the presence of a deserialization vulnerabili...
CVE-2023-44273
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval...