4 matches found
PT-2024-34163
Name of the Vulnerable Software and Affected Versions: gnark versions 0.11.0 and earlier Description: The issue is related to excessive memory allocation during the deserialization of Groth16 verification keys in gnark, leading to a denial of service DoS. This can cause the program to crash with ...
GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...
[SECURITY] Fedora 29 Update: python-ecdsa-0.13.3-1.fc29
This is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs signing key and verifying key, sign messages, and verify the signatures. The key...
GHSA-PWFW-MGFJ-7G3G ecdsa Denial of Service vulnerability in signature verification and signature malleability
possible DoS in signature verification and signature malleability Impact Code using VerifyingKey.verify and VerifyingKey.verifydigest may receive exceptions other than the documented BadSignatureError when signatures are malformed. If those other exceptions are not caught, they may lead to progra...