15 matches found
EUVD-2021-1846
Malware in sbrugna...
CVE-2021-38194
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
aries-askar (>=0.1.2 <=0.2.7), arkworks-r1cs-gadgets (>=0.5.0 <=1.2.0) +100 more potentially affected by unknown CVE via xsalsa20poly1305 (>=0.4.2 <=0.9.1)
xsalsa20poly1305 CARGO version =0.4.2, =0.1.2, =0.5.0, =0.5.0, =0.2.0, =0.1.0, =0.1.0, =0.1.1 - bramble-handshake =0.1.0 - bramble-qr =0.1.0 - bramble-rendezvous =0.1.0 - bramble-sync =0.1.0 - bramble-transport =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0037...
GHSA-QJ3V-Q2VJ-4C8H Calculation error in ark-r1cs-std
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
ark-bls12-377 (=0.2.0), ark-crypto-primitives (=0.2.0) +19 more potentially affected by CVE-2021-38194 via ark-r1cs-std (=0.2.0)
ark-r1cs-std CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ark-r1cs-std and may be impacted: - ark-bls12-377 =0.2.0 - ark-crypto-primitives =0.2.0 - ark-curve-constraint-tests =0.2.0 - ark-ed-on-bls12-377 =0.2.0 -...
Mozilla Rust has an unspecified vulnerability (CNVD-2021-61409)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability in ark-r1cs-std crate in Mozilla Rust before 0.3.1, which stems from FieldVar:: the mulbyinverse method does not enforce any constraints and can be exploited by an attacker to launch...
CVE-2021-38194
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
CVE-2021-38194
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
Design/Logic Flaw
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
CVE-2021-38194
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...
CVE-2021-38194
The CVE-2021-38194 issue affects the ark-r1cs-std crate for Rust (versions before 0.3.1). FieldVar::mul_by_inverse does not enforce constraints, allowing a malicious prover to produce an unsound proof that still verifies. The problem is caused by missing constraint checks in this method, compromi...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability in ark-r1cs-std crate in Mozilla Rust before 0.3.1, which stems from FieldVar:: the mulbyinverse method does not enforce any constraints and can be exploited by an attacker to launch...
ark-bls12-377 (=0.2.0), ark-crypto-primitives (=0.2.0) +19 more potentially affected by CVE-2021-38194 via ark-r1cs-std (=0.2.0)
ark-r1cs-std CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ark-r1cs-std and may be impacted: - ark-bls12-377 =0.2.0 - ark-crypto-primitives =0.2.0 - ark-curve-constraint-tests =0.2.0 - ark-ed-on-bls12-377 =0.2.0 -...
Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems
Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mulbyinverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for shortweierstrass::ProjectiveVar. This...
RUSTSEC-2021-0075 Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems
Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mulbyinverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for shortweierstrass::ProjectiveVar. This...