gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
History

Tue, 02 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Consensys
Consensys gnark
Vendors & Products Consensys
Consensys gnark

Fri, 29 Aug 2025 21:30:00 +0000

Type Values Removed Values Added
Description gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
Title gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-02T14:09:48.386Z

Reserved: 2025-08-27T13:34:56.186Z

Link: CVE-2025-58157

cve-icon Vulnrichment

Updated: 2025-09-02T14:09:44.231Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T22:15:32.700

Modified: 2025-09-02T15:55:35.520

Link: CVE-2025-58157

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:34Z