Moderate severity · NVD Advisory · Published Sep 28, 2023 · Updated Sep 23, 2024
CVE-2023-44273
Description
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
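The missing interval check can be illustrated with a strict deserialiser beside a lenient one. This is an added example, not gnark-crypto's code or its patch: the P-256 group order, the fixed-width `r||s` encoding, the interval `[1, n-1]` and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

var n = elliptic.P256().Params().N // assumption: P-256 group order as a stand-in
const size = 32                    // bytes per scalar in the assumed r||s encoding

// decode splits a fixed-width big-endian r||s encoding without any range check.
func decode(sig []byte) (r, s *big.Int, err error) {
	if len(sig) != 2*size {
		return nil, nil, fmt.Errorf("signature must be %d bytes, got %d", 2*size, len(sig))
	}
	return new(big.Int).SetBytes(sig[:size]), new(big.Int).SetBytes(sig[size:]), nil
}

// parseLenient models the flawed pattern: reducing mod n maps s and s+n to one signature.
func parseLenient(sig []byte) (*big.Int, *big.Int, error) {
	r, s, err := decode(sig)
	if err != nil {
		return nil, nil, err
	}
	return r.Mod(r, n), s.Mod(s, n), nil
}

// parseStrict accepts only the canonical encoding: 1 <= r, s <= n-1.
func parseStrict(sig []byte) (*big.Int, *big.Int, error) {
	r, s, err := decode(sig)
	if err != nil {
		return nil, nil, err
	}
	if r.Sign() <= 0 || r.Cmp(n) >= 0 || s.Sign() <= 0 || s.Cmp(n) >= 0 {
		return nil, nil, fmt.Errorf("non-canonical scalar: outside [1, n-1]")
	}
	return r, s, nil
}

func encode(r, s *big.Int) []byte { // fixed-width big-endian r||s
	return append(r.FillBytes(make([]byte, size)), s.FillBytes(make([]byte, size))...)
}

func main() {
	alt := encode(big.NewInt(7), new(big.Int).Add(big.NewInt(5), n)) // constructed: s = 5 + n
	fmt.Println(parseLenient(alt)) // lenient parser accepts the non-canonical bytes
	fmt.Println(parseStrict(alt))  // strict parser rejects them
}
```

Any system that identifies a signed message by its signature bytes (deduplication, replay caches, transaction IDs) should only ever see encodings that pass the strict form.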
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/consensys/gnark-crypto (Go) | < 0.12.0 | 0.12.0 |
Affected products
- Consensys/gnark-crypto (description)
References
- github.com/advisories/GHSA-fr8m-434r-g3xp (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-44273 (ghsa, ADVISORY)
- github.com/Consensys/gnark-crypto/pull/449 (ghsa, WEB)
- github.com/Consensys/gnark-crypto/releases/tag/v0.12.0 (ghsa, WEB)
- github.com/Consensys/gnark-crypto/security/advisories/GHSA-fr8m-434r-g3xp (ghsa, WEB)
- go.dev/blog/defer-panic-and-recover (ghsa, WEB)
- github.com/Consensys/gnark-crypto/releases (mitre)
- verichains.io (mitre)