VDB
CVE-2024-45039
CVE-2024-45039
PUBLISHED
CVSS 6.199999809265137 MEDIUM
gnark's Groth16 commitment extension unsound for more than one commitment
EPSS 0.05% · 17.5th percentile
Risk Scores
CVSS v3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.05%
17.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| consensys | gnark-crypto | 0 |
| github.com | consensys/gnark | 0 |
| Consensys | gnark | < 0.11.0 |
| consensys | gnark | 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Sep 6, 2024 CVE Published
- Sep 6, 2024 PoC Published
- Sep 7, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Oct 31, 2024 Coalition ESS Score
- Nov 6, 2024 EPSS Score
- Nov 7, 2024 Coalition ESS Score
- Nov 20, 2024 CVE Updated
- Nov 26, 2024 EPSS Score
References
- https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr url
- https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45039 advisory
- https://github.com/Consensys/gnark package
- https://pkg.go.dev/vuln/GO-2024-3122 url