blob: a849c2c0822fafc0f158d2ff810ce0a9aaab0e40 [file] [log] [blame]
id: GO-2023-2096
modules:
- module: github.com/consensys/gnark-crypto
versions:
- fixed: 0.12.0
vulnerable_at: 0.11.2
packages:
- package: github.com/consensys/gnark-crypto/ecc/bls12-377/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls12-377/twistededwards
symbols:
- Signature.SetBytes
- package: github.com/consensys/gnark-crypto/ecc/bls12-378/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls12-378/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls12-381/bandersnatch/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls12-381/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls12-381/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls24-315/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls24-315/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls24-317/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bls24-317/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bn254/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bn254/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-633/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-633/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-756/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-756/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-761/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/bw6-761/twistededwards/eddsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/secp256k1/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
- package: github.com/consensys/gnark-crypto/ecc/stark-curve/ecdsa
symbols:
- Signature.SetBytes
derived_symbols:
- PublicKey.Verify
summary: Signature malleability in github.com/consensys/gnark-crypto
cves:
- CVE-2023-44273
ghsas:
- GHSA-9xfq-8j3r-xp5g
references:
- fix: https://github.com/Consensys/gnark-crypto/pull/449
- web: https://verichains.io
- web: https://github.com/Consensys/gnark-crypto/releases/tag/v0.12.0
- advisory: https://github.com/advisories/GHSA-9xfq-8j3r-xp5g
review_status: REVIEWED