CNNVD-202508-2680 Information

CNNVD ID

CNNVD-202508-2680

Related CVE

CVE-2025-57801

• CNNVD Published: 2025-08-22

Description (Chinese)

gnark是Consensys开源的一个快速的 zk-SNARK 库。供高级 API 来设计电路。 gnark 0.14.0之前版本存在数据伪造问题漏洞，该漏洞源于签名验证不完整，可能导致签名可塑性攻击。

Description (English)

gnark is a fast zk-SNARK library of the Connsys open source. For advanced API to design circuits. The previous version of gnark 0.14.0 had a loophole in the problem of data forgery, which stemmed from incomplete signature authentication, which could lead to plastic attacks on signatures.

Hazard Level

Medium

Vulnerability Type

数据伪造问题

Affected Vendor

Consumer

Published

2025-08-22

Last Modified

2026-02-24

References

https://github.com/Consensys/gnark/security/advisories/GHSA-95v9-hv42-pwrj https://github.com/Consensys/gnark/commit/0ba6730f05537a351517998add89a61a0d82716e https://access.redhat.com/security/cve/cve-2025-57801 https://nvd.nist.gov/vuln/detail/CVE-2025-57801

Patch

https://github.com/Consensys/gnark/releases