Name of the Vulnerable Software and Affected Versions:
gnark versions prior to 0.13.0
Description:
gnark is a zero-knowledge proof system framework. In versions prior to 0.13.0, a denial of service issue can occur when computing scalar multiplication using the fake-GLV algorithm. For certain inputs the algorithm does not converge quickly enough, so a prover that accepts untrusted witness data can get stuck in a slow loop.
Recommendations:
Update gnark to version 0.13.0 or later.
Update the gnark-crypto dependency to the fixed version.
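One way to check a project against the first recommendation, as an added example (not gnark's own code): it reads the gnark requirement from go.mod text and flags versions prior to 0.13.0. The module path github.com/consensys/gnark and the sample go.mod line are assumptions; the fixed gnark-crypto version is not stated here, so that dependency is not checked.

```go
package main

import (
	"fmt"
	"strings"
)

// gnarkModule is gnark's Go module path (assumed; the advisory does not state it).
const gnarkModule = "github.com/consensys/gnark"

// isAffected reports whether v is prior to 0.13.0; a pre-release of 0.13.0 counts as prior.
func isAffected(v string) (bool, error) {
	fixed := [3]int{0, 13, 0} // first fixed release named in the advisory
	core, _, hasPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil
		}
	}
	return hasPre, nil
}

// gnarkVersion returns the gnark version from a single-line or block require
// directive in go.mod text. replace directives are not resolved.
func gnarkVersion(gomod string) (string, bool) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(line, "//")[0]) // drop comments
		switch {
		case len(f) == 3 && f[0] == "require" && f[1] == gnarkModule:
			return f[2], true
		case inBlock && len(f) == 2 && f[0] == gnarkModule:
			return f[1], true
		case len(f) > 0: // track whether we are inside a "require ( ... )" block
			inBlock = (f[0] == "require" && f[len(f)-1] == "(") || (inBlock && f[0] != ")")
		}
	}
	return "", false
}

func main() {
	v, _ := gnarkVersion("require github.com/consensys/gnark v0.12.0\n") // constructed sample
	affected, err := isAffected(v)
	fmt.Println(v, "affected:", affected, "error:", err)
}
```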