CVE-2025-58157
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Tags
Description
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
Analysis
gnark is a zero-knowledge proof system framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical Context
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0. Affected products include: Consensys Gnark. Version information: version 0.12.0.
Affected Products
Consensys Gnark.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today