27 matches found
CVE-2019-7167
Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...
EUVD-2019-16716
Malware in sbrugna...
EUVD-2024-2765
Malicious code in bioql PyPI...
EUVD-2023-2641
Malicious code in bioql PyPI...
Confidential Wrapped Ethereum
Transparency is one of the key benefits of public blockchains. However, the public visibility of transactions potentially compromises users' privacy. The fundamental challenge is to balance the intrinsic benefits of blockchain openness with the vital need for individual confidentiality. The...
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
CVE-2024-50354
Technical details for CVE-2024-50354 are not provided in the connected documents. The available sources only reference the CVE ID in advisory lists. Monitor for an official advisory or patch details to assess impact and remediation.
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
CVE-2024-45039
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45039
CVE-2024-45039 (gnark) affects gnark up to version 0.10.x; reported soundness issue arises when multiple commitments are used inside a circuit, allowing the prover to select all but the last commitment. gnark relies on commitments for optimized non-native multiplication and other checks, which co...
CVE-2024-45040
CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
Design/Logic Flaw
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
CVE-2023-44378 gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...