PT-2023-29183 · Consensys · Gnark-Crypto

Thomaspiellard

Publicado

2023-09-27

Atualizado

2025-10-30

CVE-2023-44273

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Consensys gnark-crypto versions 0.11.2 and earlier

Description The issue occurs due to the deserialisation of EdDSA and ECDSA signatures not ensuring that the data is in a certain interval, allowing Signature Malleability.

Recommendations For Consensys gnark-crypto versions 0.11.2 and earlier, consider updating to a version that fixes the deserialisation issue of EdDSA and ECDSA signatures to prevent Signature Malleability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-347CWE-502

Identificadores relacionados

CVE-2023-44273

GHSA-9XFQ-8J3R-XP5G

GHSA-FR8M-434R-G3XP

GO-2023-2096

GO-2025-4027

Produtos afetados

Gnark-Crypto

PT-2023-29183 · Consensys · Gnark-Crypto

CVE-2023-44273

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18