PT-2023-29183 · Consensys · Gnark-Crypto

Thomaspiellard · Published 2023-09-27 · Updated 2025-10-30 · CVE-2023-44273

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Consensys gnark-crypto versions 0.11.2 and earlier

Description: The issue occurs because the deserialisation of EdDSA and ECDSA signatures does not ensure that the decoded data lies within the required interval, allowing signature malleability.

Recommendations: For Consensys gnark-crypto versions 0.11.2 and earlier, consider updating to a version that fixes the deserialisation issue of EdDSA and ECDSA signatures to prevent signature malleability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Verification of Cryptographic Signature (CWE-347)

Deserialization of Untrusted Data (CWE-502)



Related Identifiers

CVE-2023-44273
GHSA-9XFQ-8J3R-XP5G
GHSA-FR8M-434R-G3XP
GO-2023-2096
GO-2025-4027

Affected Products

Gnark-Crypto