VYPR
Moderate severityNVD Advisory· Published Oct 31, 2024· Updated Oct 31, 2024

Out-of-memory during deserialization with crafted inputs

CVE-2024-50354

Description

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/consensys/gnarkGo
< 0.11.10.11.1

Affected products

8

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.