Lucene search
K

11 matches found

OSV
OSV
added 2026/03/13 8:2 p.m.1 views

GHSA-X2HW-PX52-WP4M rs-soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

Security Advisory: Incorrect Equality for Fr Scalar Field Types BN254, BLS12-381 Summary Missing modular reduction in Fr causes incorrect equality comparisons for BN254 and BLS12-381 types in soroban-sdk. Impact The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values usin...

5.3CVSS5.9AI score0.00279EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.5 views

rs-soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

Security Advisory: Incorrect Equality for Fr Scalar Field Types BN254, BLS12-381 Summary Missing modular reduction in Fr causes incorrect equality comparisons for BN254 and BLS12-381 types in soroban-sdk. Impact The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values usin...

5.3CVSS5.9AI score0.00279EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/03/13 7:54 p.m.8 views

CVE-2026-32322

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...

5.3CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/12 9:39 p.m.2 views

CVE-2026-32322 soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 9:39 p.m.26 views

CVE-2026-32322

Summary : The Soroban SDK (Rust) Fr scalar field types for BN254 and BLS12-381 were vulnerable prior to 22.0.11, 23.5.3, and 25.3.0 because equality comparisons used raw U256 values without reducing modulo the field modulus r. This could cause mathematically equal field elements to compare as une...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-30427

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2024/10/29 3:37 p.m.6 views

GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

6.9CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2024/04/16 9:15 a.m.4 views

CVE-2024-32625

In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations...

5.8CVSS5.9AI score0.00417EPSS
Exploits0References1
CVE
CVE
added 2024/04/16 9:0 a.m.62 views

CVE-2024-32625

CVE-2024-32625 concerns OffloadAMRWriter where a scalar field is not initialized, leaving an arbitrary value from prior computations. Multiple sources corroborate this, including the NVD entry for CVE-2024-32625 and related records. The vulnerability description identifies the root cause as an un...

5.8CVSS7AI score0.00417EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/16 9:0 a.m.29 views

CVE-2024-32625 Uninitialized scalar field

In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations...

5.8CVSS6AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2023/11/12 3:56 p.m.22 views

GHSA-RJJM-X32P-M3F7 gnark's range checker gadget allows wider inputs up to word alignment

Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...

3.2CVSS7.3AI score
Exploits0References4
Rows per page
Query Builder