9 matches found
Double spend in snarkjs
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
PT-2023-24246 · Unknown · Iden3 Snarkjs
Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...
iden3 snarkjs 安全漏洞
snarkjs is an open source JavaScript library from iden3 open source for building zero-knowledge proofs. A security vulnerability exists in iden3 snarkjs version 0.6.11 and earlier, which stems from not verifying that the length of publicSignals is less than the field modulus...
CVE-2023-33252
CVE-2023-33252 concerns the iden3 snarkjs library (up to v0.6.11). The root cause is a missing validation of the length of publicSignals against the field modulus, enabling potential double-spending . The CVE is supported by multiple connected reports (Red Hat, OSV, GHSA, NVD, Veracode) documenti...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...