consensys gnark-crypto CVE Vulnerabilities (3)

CVEs: 3 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting consensys gnark-crypto (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-45040 gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to [email protected] 5.9 0.43% 2024-09-06 2026-06-17
CVE-2024-45039 gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost t [email protected] 6.2 0.19% 2024-09-06 2026-06-17
CVE-2023-44273 Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. [email protected] 9.8 0.84% 2023-09-28 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence