CNNVD-202510-386 Information

CNNVD ID

CNNVD-202510-386

Related CVE

CVE-2025-61588

• CNNVD Published: 2025-10-02

Description (Chinese)

RISC Zero Ethereum是RISC Zero开源的一个计算平台。 RISC Zero Ethereum存在代码注入漏洞，该漏洞源于主机可利用特制响应写入访客任意内存位置，可能导致执行任意代码。

Description (English)

RISC Zero Ethereum is a calculation platform for RISC Zero open source. RISC Zero Ethereum has a code-infusion loophole, which stems from the fact that the host can write to a visitor ’ s memory at any location with a customized response, which may lead to the enforcement of any code.

Hazard Level

Low

Vulnerability Type

代码注入

Affected Vendor

RISC Zero

Published

2025-10-02

Last Modified

2026-02-24

References

https://github.com/risc0/risc0/commit/3f00e1fa0159599c1601e788021f2169d1f0a4dc https://github.com/risc0/risc0/pull/3351 https://github.com/risc0/risc0/security/advisories/GHSA-jqq4-c7wq-36h7

Patch

https://github.com/risc0/risc0/releases