Pventuzelo

Name of the Vulnerable Software and Affected Versions: gnark versions 0.11.0 and earlier Description: The issue is related to excessive memory allocation during the deserialization of Groth16 verification keys in gnark, leading to a denial of service (DoS). This can cause the program to crash with an "out of memory" error. The problem arises when the `ReadFrom` function is called to load a `VerifyingKey` from a file, and it allocates a large amount of memory based on the value of `nbCommitments` extracted from the deserialized file. Recommendations: For gnark versions 0.11.0 and earlier, update to version 0.11.1 or later, which includes the fix for this issue. Alternatively, consider running key verification as a separate service that can halt the verification pipeline in case of an out-of-memory error when verification keys come from untrusted sources. As a temporary workaround, consider disabling the `ReadFrom` function for untrusted inputs until a patch is applied.