{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45039", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-21T17:53:51.330Z", "datePublished": "2024-09-06T12:56:15.080Z", "dateUpdated": "2024-09-06T13:59:16.727Z"}, "containers": {"cna": {"title": "gnark's Groth16 commitment extension unsound for more than one commitment", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr"}, {"name": "https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2", "tags": ["x_refsource_MISC"], "url": "https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2"}], "affected": [{"vendor": "Consensys", "product": "gnark", "versions": [{"version": "< 0.11.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-06T12:56:15.080Z"}, "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package."}], "source": {"advisory": "GHSA-q3hw-3gm4-w5cr", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "consensys", "product": "gnark", "cpes": ["cpe:2.3:a:consensys:gnark:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.11.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T13:58:43.116066Z", "id": "CVE-2024-45039", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:59:16.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45039", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T13:58:43.116066Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:consensys:gnark:*:*:*:*:*:*:*:*"], "vendor": "consensys", "product": "gnark", "versions": [{"status": "affected", "version": "0", "lessThan": "0.11.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:59:10.880Z"}}], "cna": {"title": "gnark's Groth16 commitment extension unsound for more than one commitment", "source": {"advisory": "GHSA-q3hw-3gm4-w5cr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Consensys", "product": "gnark", "versions": [{"status": "affected", "version": "< 0.11.0"}]}], "references": [{"url": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr", "name": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2", "name": "https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-06T12:56:15.080Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45039", "state": "PUBLISHED", "dateUpdated": "2024-09-06T13:59:16.727Z", "dateReserved": "2024-08-21T17:53:51.330Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-06T12:56:15.080Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "622EAC41-6FA3-4B4A-948D-81E243DEFAA7", "versionEndExcluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package."}, {"lang": "es", "value": "gnark es una librer\u00eda zk-SNARK r\u00e1pida que ofrece una API de alto nivel para dise\u00f1ar circuitos. Las versiones anteriores a la 0.11.0 tienen un problema de solidez: en caso de que se utilicen m\u00faltiples compromisos dentro del circuito, el probador puede elegir todos los compromisos excepto el \u00faltimo. Como gnark utiliza los compromisos para la multiplicaci\u00f3n no nativa optimizada, las comprobaciones de b\u00fasqueda, etc. como desaf\u00edos aleatorios, podr\u00eda afectar la solidez de todo el circuito. Sin embargo, se ha desaconsejado el uso de m\u00faltiples compromisos debido al coste adicional para el verificador y no se ha admitido en el verificador recursivo Groth16 en circuito ni en el verificador Solidity. Los mantenedores de gnark esperan que el impacto del problema sea muy peque\u00f1o: solo para los usuarios que han implementado el verificador nativo Groth16 o lo est\u00e1n utilizando con m\u00faltiples compromisos. No tenemos informaci\u00f3n de dichos usuarios. El problema se ha solucionado en la versi\u00f3n 0.11.0. Como workaround, los usuarios deben seguir la recomendaci\u00f3n de los mantenedores de gnark de usar solo un \u00fanico compromiso y luego derivar compromisos en circuito seg\u00fan sea necesario utilizando el paquete `std/multicommit`."}], "id": "CVE-2024-45039", "lastModified": "2024-09-20T00:12:48.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-06T13:15:04.400", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}