CVE-2023-44273

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Configurations

Configuration 1 (hide)

cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:*

History

02 Oct 2023, 21:06

Type Values Removed Values Added
CWE CWE-502
CPE cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:*
First Time Consensys
Consensys gnark-crypto
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://github.com/Consensys/gnark-crypto/releases - (MISC) https://github.com/Consensys/gnark-crypto/releases - Release Notes
References (MISC) https://github.com/Consensys/gnark-crypto/pull/449 - (MISC) https://github.com/Consensys/gnark-crypto/pull/449 - Patch
References (MISC) https://verichains.io - (MISC) https://verichains.io - Product

28 Sep 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-28 04:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-44273

Mitre link : CVE-2023-44273

CVE.ORG link : CVE-2023-44273


JSON object : View

Products Affected

consensys

  • gnark-crypto
CWE
CWE-502

Deserialization of Untrusted Data