Описание
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
Ссылки
- Patch
- Patch
- ExploitIssue Tracking
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:consensys:gnark:0.12.0:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00207
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 7.5
github
5 месяцев назад
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
EPSS
Процентиль: 43%
0.00207
Низкий
7.5 High
CVSS3
Дефекты
CWE-400