Openvm
Monthly
Pairing soundness flaw in OpenVM's openvm-pairing guest library prior to version 1.6.0 allows attackers to produce zero-knowledge proofs that pass a pairing check despite being mathematically invalid, because the try_honest_pairing_check function fails to verify that the scaling factor s lies in a proper subfield of Fp12 as required by Theorem 3 of eprint 2024/640. The vulnerability carries an 8.7 CVSS 4.0 score with high integrity impact and no confidentiality or availability impact, and no public exploit identified at time of analysis. The vendor patched it in OpenVM v1.6.0 as part of a coordinated security release addressing four advisories.
Pairing soundness flaw in OpenVM's openvm-pairing guest library prior to version 1.6.0 allows attackers to produce zero-knowledge proofs that pass a pairing check despite being mathematically invalid, because the try_honest_pairing_check function fails to verify that the scaling factor s lies in a proper subfield of Fp12 as required by Theorem 3 of eprint 2024/640. The vulnerability carries an 8.7 CVSS 4.0 score with high integrity impact and no confidentiality or availability impact, and no public exploit identified at time of analysis. The vendor patched it in OpenVM v1.6.0 as part of a coordinated security release addressing four advisories.