PT-2026-34235 · Noir · Noir

Published 2026-04-21 · Updated 2026-04-23 · CVE-2026-41197

CVSS v4.0 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Noir versions prior to 1.0.0-beta.19

Description: Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the compiler processes SSA instructions in BrilligBlock::compile_block(). If it encounters an Instruction::Call whose target is a Value::ForeignFunction, it invokes codegen_call() in brillig_call/codegen_call.rs, which dispatches to convert_ssa_foreign_call(). Before emitting the foreign call opcode, the compiler uses allocate_external_call_results() to pre-allocate memory for array results. For Type::Array results, it delegates to allocate_foreign_call_result_array(), which recursively heap-allocates storage for nested arrays.

The BrilligArray struct's size field holds the semi-flattened size: the total number of memory slots the array occupies, where a composite element type such as a tuple takes one slot per component. Outer arrays are sized correctly via define_variable() and allocate_value_with_type(), but allocate_foreign_call_result_array() sizes nested arrays by their semantic length (the number of logical elements) instead of their semi-flattened size. For composite element types this under-allocates the nested array, so when the foreign call returns a nested array of tuples (or of other composite types) the result is written past the reserved region and corrupts the Brillig VM heap.

Recommendations: Update to version 1.0.0-beta.19. In the compiler, multiply the semantic length by the number of element types when allocating nested arrays: extract the inner element types from the pattern and replace the nested size argument passed to allocate_brillig_array() with types.len() * nested_size, which is the semi-flattened size. Alternatively, reuse the compute_array_length() helper for nested array allocation so that it stays consistent with outer array allocation.
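The under-allocation is easiest to see on a concrete layout. The following Rust program is an added illustration, not code from the Noir compiler: it models the result pre-allocation with a bump allocator and a stand-in `Ty` enum where `Array(elem_types, len)` is an array of `len` elements, each a tuple of `elem_types`. The semi-flattened size follows the page's own formula (`types.len() * nested_size`); the `Region`, `layout`, `overflow_slots` and `clobbered_regions` names are this example's, and the input type `[[(Field, Field); 3]; 2]` is constructed for the demonstration. With `buggy = true` nested arrays get only `len` slots, reproducing the pre-1.0.0-beta.19 behaviour, and the program reports how many slots the foreign call would write past the reserved region and which later heap region gets overwritten.

```rust
// Added illustration, not Noir compiler code: a toy model of how Brillig-style
// codegen pre-allocates heap storage for a foreign-call result of array type.

/// Minimal stand-in for the SSA array type: `Array(elem_types, len)` is an
/// array of `len` elements, each element being a tuple of `elem_types`.
#[derive(Clone, Debug)]
pub enum Ty {
    Field,
    Array(Vec<Ty>, usize),
}

/// One heap region reserved for an array's element storage.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Region {
    pub start: usize,     // first slot of the region
    pub allocated: usize, // slots reserved by codegen
    pub required: usize,  // slots the foreign call will actually write
}

/// Semi-flattened size (the page's `types.len() * nested_size`): every element
/// type costs one slot, so a tuple of k types costs k slots per element.
pub fn semi_flattened_size(elem_types: &[Ty], len: usize) -> usize {
    len * elem_types.len()
}

/// Bump-allocate storage for `ty`, recursing into nested arrays in layout order.
/// With `buggy = true`, nested arrays get only `len` slots (the defect described
/// above); the outer array is always sized correctly, as in the real codegen.
fn allocate(ty: &Ty, nested: bool, buggy: bool, next_free: &mut usize, out: &mut Vec<Region>) {
    if let Ty::Array(elem_types, len) = ty {
        let required = semi_flattened_size(elem_types, *len);
        let allocated = if nested && buggy { *len } else { required };
        out.push(Region { start: *next_free, allocated, required });
        *next_free += allocated;
        for _ in 0..*len {
            for t in elem_types {
                allocate(t, true, buggy, next_free, out);
            }
        }
    }
}

/// All regions reserved for `ty`, in allocation order.
pub fn layout(ty: &Ty, buggy: bool) -> Vec<Region> {
    let mut out = Vec::new();
    let mut next_free = 0;
    allocate(ty, false, buggy, &mut next_free, &mut out);
    out
}

/// Total slots the foreign call would write past the end of under-sized regions.
pub fn overflow_slots(ty: &Ty, buggy: bool) -> usize {
    layout(ty, buggy).iter().map(|r| r.required.saturating_sub(r.allocated)).sum()
}

/// Indices (in allocation order) of regions that start inside the write range
/// of an earlier under-sized region, i.e. heap objects the result overwrites.
pub fn clobbered_regions(ty: &Ty, buggy: bool) -> Vec<usize> {
    let regions = layout(ty, buggy);
    let mut hit = Vec::new();
    for (i, victim) in regions.iter().enumerate() {
        let overlapped = regions[..i]
            .iter()
            .any(|w| w.required > w.allocated && victim.start < w.start + w.required);
        if overlapped {
            hit.push(i);
        }
    }
    hit
}

/// Constructed input: `[[(Field, Field); 3]; 2]`, an array of two nested
/// arrays, each holding three two-field tuples.
pub fn nested_tuple_array() -> Ty {
    Ty::Array(vec![Ty::Array(vec![Ty::Field, Ty::Field], 3)], 2)
}

fn main() {
    let ty = nested_tuple_array();
    for buggy in [true, false] {
        println!("buggy={buggy}: regions={:?}", layout(&ty, buggy));
        println!(
            "  overflow slots = {}, clobbered regions = {:?}",
            overflow_slots(&ty, buggy),
            clobbered_regions(&ty, buggy)
        );
    }
}
```

With the buggy sizing the first nested array is given 3 slots but the foreign call writes 6, so its result runs into the second nested array's storage; with the semi-flattened size both nested arrays get 6 slots and nothing overlaps. The model counts each nested array as a single slot of its parent, which is why the outer array is 2 slots in both cases.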

Related Identifiers

CVE-2026-41197
GHSA-JJ7C-X25R-R8R3

Affected Products

Noir