CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Veracode•added 2023/05/24 4:57 a.m.•28 views

Double-Spend Attacks

snarkjs is vulnerable to Double-Spend Attacks. The vulnerability exists because the library does not validate the publicSignal when the user input publicSignals length is less than the field modulus...

7.5CVSS6.8AI score0.00119EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2023/05/22 12:30 a.m.•48 views

Double spend in snarkjs

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

7.5CVSS6.9AI score0.00119EPSS

Exploits0References4Affected Software1

vulnersOsv•added 2023/05/22 12:30 a.m.•2 views

@0xagnish/circom2-create-project (=1.0.412), @0xagnish/create-circom2-project (>=1.0.0 <=1.0.418) +322 more potentially affected by CVE-2023-33252 via snarkjs (>=0.1.11 <=0.6.11)

snarkjs NPM version =0.1.11, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1, =2.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.2.2 and more Source cves: CVE-2023-33252 Source advisory: OSV:GHSA-XP5G-JHG3-3RG2...

7.5CVSS7.1AI score0.00119EPSS

Exploits0

OSV•added 2023/05/22 12:30 a.m.•1 views

GHSA-XP5G-JHG3-3RG2 Double spend in snarkjs

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

7.5CVSS5.9AI score0.00119EPSS

Exploits0References4

ATTACKERKB•added 2023/05/21 10:15 p.m.•9 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

7.5CVSS7.1AI score0.00119EPSS

Exploits0References3

OSV•added 2023/05/21 10:15 p.m.•18 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

7.5CVSS7.1AI score

Exploits0References2

NVD•added 2023/05/21 10:15 p.m.•16 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

7.5CVSS7.5AI score0.00119EPSS

Exploits0References2

Positive Technologies•added 2023/05/21 12:0 a.m.•3 views

PT-2023-24246 · Unknown · Iden3 Snarkjs

Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...

7.5CVSS6.9AI score0.00119EPSS

Exploits0References7

Vulnrichment•added 2023/05/21 12:0 a.m.•6 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

6.8AI score0.00119EPSS

Exploits0References2

CNNVD•added 2023/05/21 12:0 a.m.•2 views

iden3 snarkjs 安全漏洞

snarkjs is an open source JavaScript library from iden3 open source for building zero-knowledge proofs. A security vulnerability exists in iden3 snarkjs version 0.6.11 and earlier, which stems from not verifying that the length of publicSignals is less than the field modulus...

7.5CVSS7.2AI score0.00119EPSS

Exploits0References3

CVE•added 2023/05/21 12:0 a.m.•71 views

CVE-2023-33252

CVE-2023-33252 concerns the iden3 snarkjs library (up to v0.6.11). The root cause is a missing validation of the length of publicSignals against the field modulus, enabling potential double-spending . The CVE is supported by multiple connected reports (Red Hat, OSV, GHSA, NVD, Veracode) documenti...

7.5CVSS7.5AI score0.00119EPSS

Exploits0References2Affected Software1