Description
Advisory GHSA-fj2x-735w-74vq references a vulnerability in the following Go modules:
| Module | 
|---|
| github.com/consensys/gnark-crypto | 
Description:
The issue has been reported by @raefko from @FuzzingLabs. Excerpts from the report:
A critical vulnerability exists in the gnark-crypto library's `Vector.ReadFrom()` function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the verifier to attempt allocating up to 128 GB of memory with a minimal malicious input, leading to out-of-memory crashes and denial of service.

Root Cause

The vulnerability stems from unchecked deserialization of attacker-controlled length fields in the gnark-crypto library's...
References:
- ADVISORY: GHSA-fj2x-735w-74vq
- ADVISORY: GHSA-fj2x-735w-74vq
- FIX: Consensys/gnark-crypto@2e7bf91
- FIX: perf: limit memory allocation during Vector deserialization Consensys/gnark-crypto#759
Cross references:
- github.com/consensys/gnark-crypto appears in 2 other report(s):
- data/reports/GO-2023-2096.yaml (x/vulndb: potential Go vuln in github.com/Consensys/gnark-crypto: GHSA-9xfq-8j3r-xp5g #2096)
- data/reports/GO-2023-2101.yaml (x/vulndb: potential Go vuln in https://github.com/consensys/gnark-crypto: GHSA-pffg-92cg-xf5c #2101)
 
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
    - module: github.com/consensys/gnark-crypto
      versions:
        - introduced: 0.9.1
        - fixed: 0.18.1
      non_go_versions:
        - introduced: TODO (earliest fixed "0.19.2", vuln range "= 0.19.0")
      vulnerable_at: 0.18.0
summary: gnark-crypto allows unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto
ghsas:
    - GHSA-fj2x-735w-74vq
references:
    - advisory: https://github.com/Consensys/gnark-crypto/security/advisories/GHSA-fj2x-735w-74vq
    - advisory: https://github.com/advisories/GHSA-fj2x-735w-74vq
    - fix: https://github.com/Consensys/gnark-crypto/commit/2e7bf9190a0aac896eeec3876c87c77a35661be7
    - fix: https://github.com/Consensys/gnark-crypto/pull/759
notes:
    - fix: 'module merge error: could not merge versions of module github.com/consensys/gnark-crypto: invalid or non-canonical semver version (found TODO (earliest fixed "0.19.2", vuln range "= 0.19.0"))'
source:
    id: GHSA-fj2x-735w-74vq
    created: 2025-10-30T18:01:18.615093192Z
review_status: UNREVIEWED
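
The excerpt above attributes the bug to an attacker-controlled length field that is trusted before allocating. The following Go code is an added example, not code from gnark-crypto or from the fix commit; the wire layout (big-endian uint32 count, 32-byte elements) and every name in it are assumptions for illustration. It reads a length-prefixed vector so that memory grows only with the bytes actually received.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Assumed layout: 4-byte big-endian element count, then count fixed-size elements.
const elemSize = 32      // assumed element width in bytes
const maxPrealloc = 1024 // cap on elements reserved before any payload is read

type element [elemSize]byte

// claimedBytes is what make([]element, n) would request if the header were trusted.
func claimedBytes(n uint32) uint64 { return uint64(n) * elemSize }

// readVectorBounded never allocates from the header alone: it reserves at most
// maxPrealloc elements, then grows with append as elements actually arrive.
func readVectorBounded(r io.Reader) ([]element, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, fmt.Errorf("read length: %w", err)
	}
	n := binary.BigEndian.Uint32(hdr[:])
	reserve := n
	if reserve > maxPrealloc {
		reserve = maxPrealloc
	}
	out := make([]element, 0, reserve)
	for i := uint32(0); i < n; i++ {
		var e element
		if _, err := io.ReadFull(r, e[:]); err != nil {
			return nil, fmt.Errorf("truncated at element %d of %d: %w", i, n, err)
		}
		out = append(out, e)
	}
	return out, nil
}

func main() {
	// Constructed input: header claims 0xFFFFFFFF elements, payload holds one.
	bad := append([]byte{0xff, 0xff, 0xff, 0xff}, make([]byte, elemSize)...)
	_, err := readVectorBounded(bytes.NewReader(bad))
	fmt.Printf("trusting header would request %d bytes; bounded reader: %v\n",
		claimedBytes(0xffffffff), err)
}
```

With these assumed sizes, a header of 0xFFFFFFFF corresponds to just under 128 GiB if passed straight to `make`, while the bounded reader fails on the first missing element after reserving at most 32 KiB.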