Signature Malleability Vulnerability in Consensys Gnark-Crypto Library
CVE-2023-44273

9.8CRITICAL

Key Information:

Vendor: Consensys
Status: Gnark-crypto
Vendor: CVE Published:; 28 September 2023

What is CVE-2023-44273?

The gnark-crypto library developed by Consensys is vulnerable to signature malleability due to improper deserialization of EdDSA and ECDSA signatures. This vulnerability allows an attacker to manipulate the digital signature without invalidating it, posing risks to the integrity of cryptographic operations. Specifically, the deserialization process does not adequately ensure that the signature data falls within a specific range, which can lead to unintended consequences in secure communications and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://verichains.io

https://github.com/Consensys/gnark-crypto/releases

https://github.com/Consensys/gnark-crypto/pull/449

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2023
Vulnerability Reserved
Sep 28, 2023

JSON

Consensys

What is CVE-2023-44273?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.