Vulnerability Report: GO-2023-2098
- CVE-2023-44378, GHSA-498w-5j49-vqjg
- Affects: github.com/consensys/gnark
- Published: Oct 09, 2023
- Modified: May 20, 2024
Unsoundness in variable comparison / non-unique binary decomposition in github.com/consensys/gnark
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-498w-5j49-vqjg.
Affected Packages
-
PathGo VersionsSymbols
-
before v0.9.0
5 unexported affected symbols
- builder.AssertIsLessOrEqual
- builder.Cmp
- builder.ToBinary
- builder.mustBeLessOrEqCst
- builder.mustBeLessOrEqVar
-
before v0.9.0
5 unexported affected symbols
- builder.AssertIsLessOrEqual
- builder.Cmp
- builder.ToBinary
- builder.mustBeLessOrEqCst
- builder.mustBeLessOrEqVar
-
before v0.9.0
1 unexported affected symbols
- recursiveHint.Define
-
before v0.9.0
Aliases
References
- https://github.com/zkopru-network/zkopru/issues/116
- https://github.com/Consensys/gnark/pull/835
- https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
- https://github.com/advisories/GHSA-498w-5j49-vqjg
- https://vuln.go.dev/ID/GO-2023-2098.json
Credits
- @kustosz
Feedback
See anything missing or incorrect?
Suggest an edit to this report.