GHSA-9xfq-8j3r-xp5g

Опубликовано: 28 сент. 2023

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references.

Original Description

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-44273
https://github.com/Consensys/gnark-crypto/pull/449
https://github.com/Consensys/gnark-crypto/releases
https://github.com/Consensys/gnark-crypto/releases/tag/v0.12.0
https://verichains.io

Пакеты

Наименование

github.com/Consensys/gnark-crypto

Затронутые версииВерсия исправления

< 0.12.0

0.12.0

Наименование

github.com/consensys/gnark-crypto

Затронутые версииВерсия исправления

< 0.12.0

0.12.0

9.8 Critical

CVSS3

Дефекты

CWE-502

9.8 Critical

CVSS3

Дефекты

CWE-502