Gnark-crypto Security Vulnerabilities and Issues — Gnark-crypto CVE List

Lucene search

ConsensysGnark-crypto

3 matches found

CVE•added 2024/09/06 1:15 p.m.•82 views

CVE-2024-45040

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affe...

5.9CVSS5.5AI score0.00136EPSS

CVE•added 2024/09/06 1:15 p.m.•78 views

CVE-2024-45039

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-nativ...

6.2CVSS6.2AI score0.00047EPSS

CVE•added 2023/09/28 4:15 a.m.•46 views

CVE-2023-44273

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

9.8CVSS9.3AI score0.00223EPSS