Vulnerabilities > CVE-2023-44273 - Deserialization of Untrusted Data vulnerability in Consensys Gnark-Crypto

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
consensys
CWE-502
critical
NVD
Published: 2023-09-28
Updated: 2023-10-02

Summary

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

Vulnerable Configurations

Part Description Count
Application
Consensys
30

Common Weakness Enumeration (CWE)

References