Lucene search
+L

124 matches found

OSV
OSV
added 2024/10/29 3:37 p.m.7 views

GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

6.9CVSS7.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.5 views

PT-2024-40264 · Gnark · Gnark

Name of the Vulnerable Software and Affected Versions: Gnark versions prior to 1.2.0 Description: The issue concerns the Gnark recursion circuit, which has constraints on arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. The problem arises from improper...

6.9CVSS7.2AI score
Exploits0References4
Veracode
Veracode
added 2024/09/09 1:48 p.m.12 views

Sensitive Information Exposure

github.com/consensys/gnark is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the same σ being used for all proofs of knowledge for commitments, allowing mixing between them. This makes it possible to fix the value of all but one commitment before selecting the circui...

6.2CVSS6.6AI score0.0019EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/09/06 1:15 p.m.38 views

CVE-2024-45040

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...

5.9CVSS0.00427EPSS
Exploits0References3
NVD
NVD
added 2024/09/06 1:15 p.m.38 views

CVE-2024-45039

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

6.2CVSS0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/06 12:56 p.m.23 views

CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

6.2CVSS6.3AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/06 12:56 p.m.41 views

CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

6.2CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2024/09/06 12:56 p.m.116 views

CVE-2024-45039

CVE-2024-45039 (gnark) affects gnark up to version 0.10.x; reported soundness issue arises when multiple commitments are used inside a circuit, allowing the prover to select all but the last commitment. gnark relies on commitments for optimized non-native multiplication and other checks, which co...

6.2CVSS6.2AI score0.0019EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/09/06 12:56 p.m.18 views

CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

6.2CVSS6.3AI score0.0019EPSS
Exploits0References4
OSV
OSV
added 2024/09/06 12:53 p.m.27 views

CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...

5.9CVSS6.5AI score0.00427EPSS
Exploits0References5
CVE
CVE
added 2024/09/06 12:53 p.m.102 views

CVE-2024-45040

CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...

5.9CVSS5.5AI score0.00427EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.8 views

gnark 安全漏洞

gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A security vulnerability exists in versions of gnark prior to 0.11.0 that stems from the ability of a prover to select all but the last commitment when multiple commitments are used in a circuit, whi...

6.2CVSS7AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.10 views

PT-2024-31389 · Gnark · Gnark

Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.11.0 Description: The issue is a soundness problem in the gnark zk-SNARK library. When multiple commitments are used inside a circuit, the prover can choose all but the last commitment. This could impact the soundnes...

9.8CVSS6.1AI score0.89633EPSS
Exploits15References38
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.8 views

gnark 安全漏洞

gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A security vulnerability exists in versions prior to gnark 0.11.0, which stems from the fact that the implementation of the commitment to a private witness in a Groth16 proof breaks the zero-knowledg...

5.9CVSS6.4AI score0.00427EPSS
Exploits0References4
Veracode
Veracode
added 2024/02/06 7:9 a.m.13 views

Improper Input Validation

github.com/consensys/gnark is vulnerable to Improper Input Validation. The vulnerability is due to a lack of width validation in the range checker gadget. The Range checker allows inputs to be up to 16 bits wider than checked...

6.9AI score
Exploits0
Veracode
Veracode
added 2024/02/06 6:6 a.m.29 views

Signature Malleability

github.com/consensys/gnark-crypto is vulnerable to Signature Malleability. The vulnerability is due to the deserialization process of EdDSA and ECDSA signatures which does not ensure that the data is in a certain interval. This can be exploited to mount a Signature Malleability attack...

9.8CVSS7AI score0.00844EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/11/15 7:7 p.m.17 views

GO-2023-2333 Range checker gadget allows wider inputs than allowed in github.com/consensys/gnark

Range checker gadget allows wider inputs than allowed in github.com/consensys/gnark...

7.1AI score
Exploits0References3
OSV
OSV
added 2023/11/12 3:56 p.m.24 views

GHSA-RJJM-X32P-M3F7 gnark's range checker gadget allows wider inputs up to word alignment

Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...

3.2CVSS7.3AI score
Exploits0References4
OSV
OSV
added 2023/10/24 8:27 p.m.21 views

GO-2023-2119 Proof forgery due to insufficient randomness in github.com/consensys/gnark

A a third party may derive a valid proof from a valid initial tuple proof, publicinputs, corresponding to the same public inputs as the initial proof. This vulnerability is due to randomness being generated using a small part of the scratch memory describing the state, allowing for degrees of...

7AI score
Exploits0References2
OSV
OSV
added 2023/10/09 9:30 p.m.24 views

GO-2023-2101 Incorrect exponentiation results in github.com/consensys/gnark-crypto

Incorrect exponentiation results in github.com/consensys/gnark-crypto...

7.2AI score
Exploits0References5
Rows per page
Query Builder