Gnark out-of-memory condition when deserializing crafted inputs in github.com/consensys/gnark
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-3244" }
{ "custom_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.11.1" } ], "type": "ECOSYSTEM" } ], "imports": [ { "path": "github.com/consensys/gnark/backend/groth16/bls24-315", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bn254", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bls24-317", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bw6-633", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bls12-381", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bls12-377", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", "VerifyingKey.readFrom" ] }, { "path": "github.com/consensys/gnark/backend/groth16/bw6-761", "symbols": [ "ProvingKey.ReadDump", "ProvingKey.ReadFrom", "ProvingKey.UnsafeReadFrom", "ProvingKey.readFrom", "Setup", "VerifyingKey.ReadFrom", "VerifyingKey.UnsafeReadFrom", 
"VerifyingKey.readFrom" ] } ] }