CVE-2025-58157
- EPSS 0.21%
- Veröffentlicht 29.08.2025 21:21:35
- Zuletzt bearbeitet 24.09.2025 18:25:48
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enou...
CVE-2025-57801
- EPSS 0.04%
- Veröffentlicht 22.08.2025 19:54:05
- Zuletzt bearbeitet 12.09.2025 19:05:41
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Bec...
CVE-2024-50354
- EPSS 0.1%
- Veröffentlicht 31.10.2024 16:15:05
- Zuletzt bearbeitet 23.09.2025 02:00:09
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error ...
CVE-2023-44378
- EPSS 0.04%
- Veröffentlicht 09.10.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 08:25:46
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small...