28 matches found
EUVD-2024-2765
Malicious code in bioql PyPI...
EUVD-2024-2851
Malicious code in bioql PyPI...
EUVD-2024-3021
Malicious code in bioql PyPI...
CVE-2024-45039
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
SUSE CVE-2024-45039
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
Denial Of Service (DoS)
github.com/consensys/gnark is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper memory allocation handling during the deserialization of Groth16 verification keys, allowing attackers to trigger excessive memory allocation, leading to high memory consumption and potential...
SUSE CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-50354
Technical details for CVE-2024-50354 are not provided in the connected documents. The available sources only reference the CVE ID in advisory lists. Monitor for an official advisory or patch details to assess impact and remediation.
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
gnark security vulnerability
gnark is a fast zk-SNARK library open-sourced by Consensys, with advanced APIs for designing circuits. A security vulnerability exists in gnark 0.11.0 and earlier versions; it stems from the deserialization of the Groth16 verification key allocating too much memory, which consumes a lar...
PT-2024-34163
Name of the Vulnerable Software and Affected Versions: gnark versions 0.11.0 and earlier. Description: The issue is related to excessive memory allocation during the deserialization of Groth16 verification keys in gnark, leading to a denial of service (DoS). This can cause the program to crash with ...
GO-2024-3123 Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark
Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark...
gnark's Groth16 commitment extension unsound for more than one commitment
Description: The summary is that the proof of knowledge associated to a commitment is crucial to bind the commitment to the actual circuit variables that were supposed to be committed. However, the same σ is used for all proofs of knowledge for the commitments, which allows mixing between them,...
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...
GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...