Veridiseaudits

#53134 of 53,635
2.7 Total CVSS
Vulnerabilities · 1
PT-2025-32005
2.7
2025-08-05
Risc Zero · Risc0-Circuit-Rv32Im · CVE-2025-54873
**Name of the Vulnerable Software and Affected Versions**

- risc0-zkvm versions 2.0.0 through 2.1.0
- risc0-circuit-rv32im versions 2.0.0 through 2.0.4
- risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4

**Description**

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. The `risc0-zkvm`, `risc0-circuit-rv32im`, and `risc0-circuit-rv32im-sys` packages contain an issue where signed integer division allows multiple outputs for certain inputs, with only one being valid. Division by zero results are also underconstrained.

**Recommendations**

- Update to risc0-zkvm version 2.2.0 or later.
- Update to risc0-circuit-rv32im version 3.0.0 or later.
- Update to risc0-circuit-rv32im-sys version 3.0.0 or later.