Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
References
Link | Resource |
---|---|
https://github.com/Consensys/gnark-crypto/pull/449 | Patch |
https://github.com/Consensys/gnark-crypto/releases | Release Notes |
https://verichains.io | Product |
Configurations
History
02 Oct 2023, 21:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CPE | cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:* | |
First Time |
Consensys
Consensys gnark-crypto |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/Consensys/gnark-crypto/releases - Release Notes | |
References | (MISC) https://github.com/Consensys/gnark-crypto/pull/449 - Patch | |
References | (MISC) https://verichains.io - Product |
28 Sep 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-28 04:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-44273
Mitre link : CVE-2023-44273
CVE.ORG link : CVE-2023-44273
JSON object : View
Products Affected
consensys
- gnark-crypto
CWE
CWE-502
Deserialization of Untrusted Data