Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Cvelist
Cvelistadded 2025/08/05 11:35 p.m.6 views

CVE-2025-54873 RISC Zero Underconstrained Vulnerability: Division

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

6.9CVSS0.00416EPSS
Exploits0References3
CVE
CVEadded 2025/08/05 11:35 p.m.14 views

CVE-2025-54873

Summary (CVE-2025-54873) : RISC Zero’s zkVM platform and related circuit packages contain a bug in signed integer division that can produce multiple outputs for some inputs (only one valid) and causes division-by-zero results to be underconstrained. Affected versions are: risc0-zkvm 2.0.0–2.1.0; ...

6.9CVSS6.5AI score0.00416EPSS
Exploits0References3
OSV
OSVadded 2025/08/05 5:42 p.m.4 views

GHSA-F6RC-24X4-PPXP RISC Zero Underconstrained Vulnerability: Division

Two issues were found: For some inputs to signed integer division, the circuit allowed two outputs, only one of which was valid. Additionally, the result of division by zero was underconstrained. This vulnerability was identified using the Picus tool from Veridise. Impacted on-chain verifiers hav...

6.9CVSS6.3AI score0.00416EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2025/08/05 5:42 p.m.6 views

RISC Zero Underconstrained Vulnerability: Division

Two issues were found: For some inputs to signed integer division, the circuit allowed two outputs, only one of which was valid. Additionally, the result of division by zero was underconstrained. This vulnerability was identified using the Picus tool from Veridise. Impacted on-chain verifiers hav...

6.9CVSS6.8AI score0.00416EPSS
Exploits0References5Affected Software3
Positive Technologies
Positive Technologiesadded 2025/06/24 12:0 a.m.2 views

PT-2025-26784 · Risc Zero +1 · Risc Zero +1

Name of the Vulnerable Software and Affected Versions: RISC Zero versions prior to 2.1.1 and 2.2.0 Description: The issue concerns the Steel.validateCommitment Solidity library function, which returns true for a crafted commitment with a digest value of zero. This violates the function's semantic...

6.3CVSS6.2AI score0.00487EPSS
Exploits0References15
NVD
NVDadded 2025/06/20 6:15 p.m.3 views

CVE-2025-52484

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

6.9CVSS0.0024EPSS
Exploits0References7
Rows per page
Query Builder