13 matches found
CVE-2026-32322
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
CVE-2026-32322
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
GHSA-XP5G-JHG3-3RG2 Double spend in snarkjs
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
Design/Logic Flaw
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
PT-2023-24246 · Unknown · Iden3 Snarkjs
Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
iden3 snarkjs security vulnerability
snarkjs is an open source JavaScript library from iden3 for building zero-knowledge proofs. A security vulnerability exists in iden3 snarkjs version 0.6.11 and earlier, which stems from not verifying that the length of publicSignals is less than the field modulus...
CVE-2023-33252
CVE-2023-33252 concerns the iden3 snarkjs library (up to v0.6.11). The root cause is a missing validation of the length of publicSignals against the field modulus, enabling potential double-spending. The CVE is supported by multiple connected reports (Red Hat, OSV, GHSA, NVD, Veracode) documenti...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...