124 matches found
Improper Input Validation
github.com/consensys/gnark-crypto is vulnerable to Improper Input Validation. The vulnerability is due to missing range checks during deserialization of ECDSA and EdDSA signature values, which allows an attacker to craft signatures with zero or out-of-range inputs that can trigger a null pointer...
GO-2025-4087 Unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto
Unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
GHSA-FJ2X-735W-74VQ gnark-crypto allows unchecked memory allocation during vector deserialization
The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
EUVD-2025-37035
gnark-crypto allows unchecked memory allocation during vector deserialization...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
gnark-crypto allows unchecked memory allocation during vector deserialization
The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...