CVE-2024-50354 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-50354 PUBLISHED CVSS 5.5 MEDIUM

Gnark out-of-memory during deserialization with crafted inputs

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
consensys	gnark	0, 0
consensys	gnark	0, 0
Consensys	gnark	<= 0.11.0, *
github.com	consensys/gnark	0, 0

Timeline

Jan 21, 1970 Fix PR Merged
Jan 21, 1970 Security Advisory
Oct 31, 2024 CVE Published
Oct 31, 2024 Coalition ESS Score
Oct 31, 2024 PoC Published
Nov 1, 2024 EPSS Score
Nov 4, 2024 CVE Updated
Nov 7, 2024 Coalition ESS Score
Nov 19, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 11, 2025 EPSS Score

References

Open in Interactive Console →