CNNVD-202506-3129 Information

CNNVD ID

CNNVD-202506-3129

CVE-2025-52884

  • CNNVD Published: 2025-06-24

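Description (translated from Chinese)

RISC Zero Ethereum is an open-source computing platform from RISC Zero. RISC Zero Ethereum versions before 2.1.1 and 2.2.0 contain a security vulnerability: the Steel.validateCommitment function returns true for a commitment whose digest value is zero, which may lead to a semantic violation.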

Description (English)

RISC Zero Ethereum is an open-source computing platform from RISC Zero. Versions of RISC Zero Ethereum before 2.1.1 and 2.2.0 contain a security vulnerability. The flaw stems from the Steel.validateCommitment function returning true for a commitment with a digest value of zero, which may result in a semantic violation.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

RISC Zero

Published

2025-06-24

Last Modified

2026-02-24

References

  • https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain
  • https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63
  • https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98
  • https://github.com/risc0/risc0-ethereum/pull/605
  • https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1
  • https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0
  • https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2
  • https://access.redhat.com/security/cve/cve-2025-52884

Patch

https://github.com/risc0/risc0-ethereum/releases
