Description
Advisory GHSA-9fvj-xqr2-xwg8 references a vulnerability in the following Go modules:
| Module |
| --- |
| github.com/consensys/gnark |
Description:
Impact
To optimize the in-circuit scalar multiplication algorithm for some curves, gnark uses the fake-GLV algorithm when the curve doesn't support true-GLV. For this to work, we need to compute the scalar decomposition using the Half GCD method in gnark-crypto. However, for some inputs the algorithm didn't converge quickly enough.
If the prover accepts an untrusted witness, this could lead to denial of service, as the prover gets stuck in a very slowly converging loop.
Thanks to @feltroidprime for reporting the issue and proposing a fix.
Patches
The issue has been patched...
References:
- ADVISORY: GHSA-9fvj-xqr2-xwg8
- ADVISORY: GHSA-9fvj-xqr2-xwg8
- FIX: Consensys/gnark-crypto@5660088
- FIX: Consensys/gnark@68be6ce
- REPORT: bug: Eisenstein HalfGCD Hint computation doesn't converge for (order -2, order -3, order - 4, ...) Consensys/gnark#1483
Cross references:
- github.com/consensys/gnark appears in 6 other report(s):
- data/reports/GO-2023-2098.yaml (x/vulndb: potential Go vuln in github.com/consensys/gnark: GHSA-498w-5j49-vqjg #2098)
- data/reports/GO-2023-2119.yaml (x/vulndb: potential Go vuln in github.com/consensys/gnark: GHSA-7p92-x423-vwj6 #2119)
- data/reports/GO-2023-2333.yaml (x/vulndb: potential Go vuln in github.com/consensys/gnark: GHSA-rjjm-x32p-m3f7 #2333)
- data/reports/GO-2024-3122.yaml (x/vulndb: potential Go vuln in github.com/Consensys/gnark: CVE-2024-45039 #3122)
- data/reports/GO-2024-3123.yaml (x/vulndb: potential Go vuln in github.com/Consensys/gnark: CVE-2024-45040 #3123)
- data/reports/GO-2024-3244.yaml (x/vulndb: potential Go vuln in github.com/Consensys/gnark: CVE-2024-50354 #3244)
See doc/quickstart.md for instructions on how to triage this report.
```yaml
id: GO-ID-PENDING
modules:
    - module: github.com/consensys/gnark
      non_go_versions:
        - introduced: TODO (earliest fixed "0.13.0", vuln range "= 0.12.0")
      vulnerable_at: 0.14.0
summary: |-
    gnark affected by denial of service when computing scalar multiplication using
    fake-GLV algorithm in github.com/consensys/gnark
cves:
    - CVE-2025-58157
ghsas:
    - GHSA-9fvj-xqr2-xwg8
references:
    - advisory: https://github.com/Consensys/gnark/security/advisories/GHSA-9fvj-xqr2-xwg8
    - advisory: https://github.com/advisories/GHSA-9fvj-xqr2-xwg8
    - fix: https://github.com/Consensys/gnark-crypto/commit/56600883e0e9f9b159e9c7000b94e76185ec3d0d
    - fix: https://github.com/Consensys/gnark/commit/68be6cede36e387ab760725beabd3c96cc94e6dc
    - report: https://github.com/Consensys/gnark/issues/1483
source:
    id: GHSA-9fvj-xqr2-xwg8
    created: 2025-08-29T21:01:14.73184198Z
review_status: UNREVIEWED
```