Copyright 2024 The Go Authors. All rights reserved.
Use of this source code is governed by a BSD-style
license that can be found in the LICENSE file.

Expected output of TestCVEToReport/CVE-2023-44378.

-- CVE-2023-44378 --
id: PLACEHOLDER-ID
modules:
    - module: github.com/Consensys/gnark
      vulnerable_at: 0.9.1
      packages:
        - package: gnark
summary: CVE-2023-44378 in github.com/Consensys/gnark
description: |-
    gnark is a zk-SNARK library that offers a high-level API to design circuits.
    Prior to version 0.9.0, for some in-circuit values, it is possible to construct
    two valid decomposition to bits. In addition to the canonical decomposition of
    `a`, for small values there exists a second decomposition for `a+r` (where `r`
    is the modulus the values are being reduced by). The second decomposition was
    possible due to overflowing the field where the values are defined. Upgrading to
    version 0.9.0 should fix the issue without needing to change the calls to value
    comparison methods.
cves:
    - CVE-2023-44378
references:
    - advisory: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
    - report: https://github.com/zkopru-network/zkopru/issues/116
    - fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
source:
    id: CVE-2023-44378