3 matches found
CVE-2025-61588
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in th...
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`
Arbitrary code execution in guest via memory safety failure in sysread In affected versions of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute...
GHSA-JQQ4-C7WQ-36H7 risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`
Arbitrary code execution in guest via memory safety failure in sysread In affected versions of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute...