{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45040", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-21T17:53:51.330Z", "datePublished": "2024-09-06T12:53:30.622Z", "dateUpdated": "2024-09-06T13:57:49.796Z"}, "containers": {"cna": {"title": "gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6"}, {"name": "https://github.com/Consensys/gnark/pull/1245", "tags": ["x_refsource_MISC"], "url": "https://github.com/Consensys/gnark/pull/1245"}, {"name": "https://github.com/Consensys/gnark/commit/afda68a38acca37becb8ba6d8982d03fee9559a0", "tags": ["x_refsource_MISC"], "url": "https://github.com/Consensys/gnark/commit/afda68a38acca37becb8ba6d8982d03fee9559a0"}], "affected": [{"vendor": "Consensys", "product": "gnark", "versions": [{"version": "< 0.11.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-06T12:53:30.622Z"}, "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value."}], "source": {"advisory": "GHSA-9xcg-3q8v-7fq6", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "consensys", "product": "gnark", "cpes": ["cpe:2.3:a:consensys:gnark:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.11.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T13:57:02.916086Z", "id": "CVE-2024-45040", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:57:49.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45040", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T13:57:02.916086Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:consensys:gnark:*:*:*:*:*:*:*:*"], "vendor": "consensys", "product": "gnark", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.11.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:57:43.394Z"}}], "cna": {"title": "gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property", "source": {"advisory": "GHSA-9xcg-3q8v-7fq6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Consensys", "product": "gnark", "versions": [{"status": "affected", "version": "< 0.11.0"}]}], "references": [{"url": "https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6", "name": "https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Consensys/gnark/pull/1245", "name": "https://github.com/Consensys/gnark/pull/1245", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Consensys/gnark/commit/afda68a38acca37becb8ba6d8982d03fee9559a0", "name": "https://github.com/Consensys/gnark/commit/afda68a38acca37becb8ba6d8982d03fee9559a0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-06T12:53:30.622Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45040", "state": "PUBLISHED", "dateUpdated": "2024-09-06T13:57:49.796Z", "dateReserved": "2024-08-21T17:53:51.330Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-06T12:53:30.622Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "622EAC41-6FA3-4B4A-948D-81E243DEFAA7", "versionEndExcluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value."}, {"lang": "es", "value": "gnark es una librer\u00eda zk-SNARK r\u00e1pida que ofrece una API de alto nivel para dise\u00f1ar circuitos. Antes de la versi\u00f3n 0.11.0, los compromisos con testigos privados en Groth16 tal como se implementaron rompen la propiedad de conocimiento cero. La vulnerabilidad afecta solo a las pruebas de Groth16 con compromisos. En particular, las pruebas PLONK no se ven afectadas. La vulnerabilidad afecta la propiedad de conocimiento cero de las pruebas: en caso de que los valores de los testigos (secretos o internos) sean peque\u00f1os, entonces el atacante puede enumerar todas las opciones posibles para deducir el valor real. Si las opciones posibles para las variables que se comprometer\u00e1n son grandes o hay muchos valores comprometidos, entonces ser\u00eda computacionalmente inviable enumerar todas las opciones v\u00e1lidas. No afecta la integridad/solidez de las pruebas. La vulnerabilidad se ha corregido en la versi\u00f3n 0.11.0. El parche para solucionar el problema es agregar un valor aleatorio adicional a la lista de valores comprometidos en el momento de la prueba para enmascarar el resto de los valores que se comprometieron. Como workaround, el usuario puede comprometerse manualmente con un valor aleatorio."}], "id": "CVE-2024-45040", "lastModified": "2024-09-20T00:13:23.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-06T13:15:04.893", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Consensys/gnark/commit/afda68a38acca37becb8ba6d8982d03fee9559a0"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/Consensys/gnark/pull/1245"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}