Critical severity9.8NVD Advisory· Published Aug 8, 2021· Updated Jun 17, 2026
CVE-2021-38194
CVE-2021-38194
Description
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ark-r1cs-stdcrates.io | >= 0.2.0, < 0.3.1 | 0.3.1 |
Affected products
2- ark-r1cs-std/ark-r1cs-stddescription
Patches
Vulnerability mechanics
References
6- rustsec.org/advisories/RUSTSEC-2021-0075.htmlnvdExploitIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-qj3v-q2vj-4c8hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38194ghsaADVISORY
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ark-r1cs-std/RUSTSEC-2021-0075.mdnvdThird Party AdvisoryWEB
- github.com/arkworks-rs/r1cs-std/commit/47ddbaa411afe7c499311a248a38135e5a192b67ghsaWEB
- github.com/arkworks-rs/r1cs-std/pull/70ghsaWEB
News mentions
0No linked articles in our index yet.