9 matches found
EUVD-2025-19064
Malicious code in bioql PyPI...
CVE-2025-52884
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
Impact Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest...
GHSA-GJV3-89HH-9XQ2 RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
Impact Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest...
CVE-2025-52884
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
CVE-2025-52884
CVE-2025-52884 (RISC Zero Ethereum) affects the risc0-ethereum project where the Solidity library function Steel.validateCommitment incorrectly returns true for a crafted commitment with a digest value of zero prior to versions 2.1.1 and 2.2.0. This violates the semantics of validateCommitment, a...
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
PT-2025-26784 · Risc Zero +1 · Risc Zero +1
Name of the Vulnerable Software and Affected Versions: RISC Zero versions prior to 2.1.1 and 2.2.0 Description: The issue concerns the Steel.validateCommitment Solidity library function, which returns true for a crafted commitment with a digest value of zero. This violates the function's semantic...