ghsa-cph5-3pgr-c82g
Vulnerability from github
Published
2024-10-31 20:37
Modified
2024-11-04 13:48
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Gnark out-of-memory during deserialization with crafted inputs
Details

Thanks @pventuzelo for reporting.

From the correspondence:

Hi,

We (Fuzzinglabs & Lambdaclass) found that during deserialization of certain files representing a VerifyingKey, an excessive memory allocation is happening consuming a lot of resources and even triggering a crash with the error fatal error: runtime: out of memory.

Please find the details below:

Vulnerability Details

  • Severity: Critical -> DoS
  • Affected Component: Deserialization

Environment

  • Compiler Version: go version go1.22.2 linux/amd64

  • Distro Version: Ubuntu 24.04.1 LTS

  • Additional Environment Details:

  • [github.com/consensys/gnark](http://github.com/consensys/gnark) v0.11.0
  • [github.com/consensys/gnark-crypto](http://github.com/consensys/gnark-crypto) v0.14.1-0.20240909142611-e6b99e74cec1

Steps to Reproduce

You can download the needed files here: https://drive.google.com/drive/folders/1KQ5I3vv4bUllvqbatGappwbAkIcR2NI_?usp=sharing

You have to run

shell go run gnark_poc.go

in a terminal.

Running the provided code will result in a memory crash or an extremely large memory allocation, which can be observed using the following command:

shell go tool pprof -web mem.pprof

Root Cause Analysis

The provided code loads a VerifyingKey from old.vk by calling the ReadFrom function. This function is implemented in backend/groth16/bn254/marshal.go within the gnark library.

The provided example uses the elliptic curve BN-254, so the code resides in the backend/groth16/bn254/ repertory. However, the same error exists in other repertories, such as backend/groth16/bls12-377/.

At line 207, a slice is allocated with a length of nbCommitments. This variable is directly extracted from the deserialized file, which, in our case, has a value of 2,327,186,600. This large value may be too big for some configurations, leading to memory allocations of approximately ±1 TB, as observed with pprof.

Detailed Behavior

shell go run gnark_poc.go

``` fatal error: runtime: out of memory

runtime stack: runtime.throw({0x5fe946?, 0x2052ae?}) /usr/lib/go-1.22/src/runtime/panic.go:1023 +0x5c fp=0x7ffd65b321a0 sp=0x7ffd65b32170 pc=0x438a9c runtime.sysMapOS(0xc000400000, 0x8ab6400000) /usr/lib/go-1.22/src/runtime/mem_linux.go:167 +0x11b fp=0x7ffd65b321e0 sp=0x7ffd65b321a0 pc=0x418bbb runtime.sysMap(0xc000400000, 0x8ab6400000, 0x7b19c8?) /usr/lib/go-1.22/src/runtime/mem.go:155 +0x34 fp=0x7ffd65b32200 sp=0x7ffd65b321e0 pc=0x418634 runtime.(mheap).grow(0x7a17c0, 0x455b066?) /usr/lib/go-1.22/src/runtime/mheap.go:1534 +0x236 fp=0x7ffd65b32270 sp=0x7ffd65b32200 pc=0x42b176 runtime.(mheap).allocSpan(0x7a17c0, 0x455b066, 0x0, 0x1) /usr/lib/go-1.22/src/runtime/mheap.go:1246 +0x1b0 fp=0x7ffd65b32310 sp=0x7ffd65b32270 pc=0x42a850 runtime.(*mheap).alloc.func1() /usr/lib/go-1.22/src/runtime/mheap.go:964 +0x5c fp=0x7ffd65b32358 sp=0x7ffd65b32310 pc=0x42a2fc runtime.systemstack(0x46d79f) /usr/lib/go-1.22/src/runtime/asm_amd64.s:509 +0x4a fp=0x7ffd65b32368 sp=0x7ffd65b32358 pc=0x46912a

goroutine 1 gp=0xc0000061c0 m=0 mp=0x798ca0 [running]: runtime.systemstack_switch() /usr/lib/go-1.22/src/runtime/asm_amd64.s:474 +0x8 fp=0xc000031b68 sp=0xc000031b58 pc=0x4690c8 runtime.(mheap).alloc(0x5bc040?, 0xc00012bb08?, 0xa0?) /usr/lib/go-1.22/src/runtime/mheap.go:958 +0x5b fp=0xc000031bb0 sp=0xc000031b68 pc=0x42a25b runtime.(mcache).allocLarge(0xc000126510?, 0x8ab60ca800, 0x1) /usr/lib/go-1.22/src/runtime/mcache.go:234 +0x87 fp=0xc000031c00 sp=0xc000031bb0 pc=0x4176e7 runtime.mallocgc(0x8ab60ca800, 0x5d92a0, 0x1) /usr/lib/go-1.22/src/runtime/malloc.go:1165 +0x597 fp=0xc000031c88 sp=0xc000031c00 pc=0x40ef97 runtime.makeslice(0xc00011c180?, 0x0?, 0x2?) /usr/lib/go-1.22/src/runtime/slice.go:107 +0x49 fp=0xc000031cb0 sp=0xc000031c88 pc=0x4500c9 github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).readFrom(0xc0001b7088 /home/raunan/go/pkg/mod/github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:214 +0x765 fp=0xc000031ea8 sp=0xc000031cb0 pc=0x59b205 github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).ReadFrom(0x100469020 /home/raunan/go/pkg/mod/github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:166 +0x1f fp=0xc000031ed8 sp=0xc000031ea8 pc=0x59aa5f main.main() /home/raunan/gnark_poc/gnark_poc/gnark_poc.go:19 +0xba fp=0xc000031f50 sp=0xc000031ed8 pc=0x5addda runtime.main() /usr/lib/go-1.22/src/runtime/proc.go:271 +0x29d fp=0xc000031fe0 sp=0xc000031f50 pc=0x43b55d runtime.goexit({}) /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000031fe8 sp=0xc000031fe0 pc=0x46b0e1

goroutine 2 gp=0xc000006c40 m=nil [force gc (idle)]: runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000074fa8 sp=0xc000074f88 pc=0x43b98e runtime.goparkunlock(...) /usr/lib/go-1.22/src/runtime/proc.go:408 runtime.forcegchelper() /usr/lib/go-1.22/src/runtime/proc.go:326 +0xb3 fp=0xc000074fe0 sp=0xc000074fa8 pc=0x43b813 runtime.goexit({}) /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000074fe8 sp=0xc000074fe0 pc=0x46b0e1 created by runtime.init.6 in goroutine 1 /usr/lib/go-1.22/src/runtime/proc.go:314 +0x1a

goroutine 3 gp=0xc000007180 m=nil [GC sweep wait]: runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000075780 sp=0xc000075760 pc=0x43b98e runtime.goparkunlock(...) /usr/lib/go-1.22/src/runtime/proc.go:408 runtime.bgsweep(0xc0000240e0) /usr/lib/go-1.22/src/runtime/mgcsweep.go:278 +0x94 fp=0xc0000757c8 sp=0xc000075780 pc=0x426cf4 runtime.gcenable.gowrap1() /usr/lib/go-1.22/src/runtime/mgc.go:203 +0x25 fp=0xc0000757e0 sp=0xc0000757c8 pc=0x41b845 runtime.goexit({}) /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc0000757e8 sp=0xc0000757e0 pc=0x46b0e1 created by runtime.gcenable in goroutine 1 /usr/lib/go-1.22/src/runtime/mgc.go:203 +0x66

goroutine 4 gp=0xc000007340 m=nil [GC scavenge wait]: runtime.gopark(0xc0000240e0?, 0x657100?, 0x1?, 0x0?, 0xc000007340?) /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000075f78 sp=0xc000075f58 pc=0x43b98e runtime.goparkunlock(...) /usr/lib/go-1.22/src/runtime/proc.go:408 runtime.(*scavengerState).park(0x797520) /usr/lib/go-1.22/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc000075fa8 sp=0xc000075f78 pc=0x4246e9 runtime.bgscavenge(0xc0000240e0) /usr/lib/go-1.22/src/runtime/mgcscavenge.go:653 +0x3c fp=0xc000075fc8 sp=0xc000075fa8 pc=0x424c7c runtime.gcenable.gowrap2() /usr/lib/go-1.22/src/runtime/mgc.go:204 +0x25 fp=0xc000075fe0 sp=0xc000075fc8 pc=0x41b7e5 runtime.goexit({}) /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000075fe8 sp=0xc000075fe0 pc=0x46b0e1 created by runtime.gcenable in goroutine 1 /usr/lib/go-1.22/src/runtime/mgc.go:204 +0xa5

goroutine 18 gp=0xc000102700 m=nil [finalizer wait]: runtime.gopark(0xc000074648?, 0x40f445?, 0xa8?, 0x1?, 0xc0000061c0?) /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000074620 sp=0xc000074600 pc=0x43b98e runtime.runfinq() /usr/lib/go-1.22/src/runtime/mfinal.go:194 +0x107 fp=0xc0000747e0 sp=0xc000074620 pc=0x41a887 runtime.goexit({}) /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc0000747e8 sp=0xc0000747e0 pc=0x46b0e1 created by runtime.createfing in goroutine 1 /usr/lib/go-1.22/src/runtime/mfinal.go:164 +0x3d exit status 2 ```

Appendices

This problem can also happen with ProvingKey.

Impact

Prover and verifier denial of service in case of maliciously crafted inputs (public key, verification key).

Patches

The issue is patched in https://github.com/Consensys/gnark/pull/1307. It was merged to gnark master at https://github.com/Consensys/gnark/commit/47ae846339add2bdf9983e499342bfdfe195191d. The fix will be incorporated in the next minor release of gnark (v0.11.1).

Workarounds

There are no convenient work-arounds currently. The best approach currently is to run key verification as a separate service which halts the verification pipeline in case of OOM when verification keys come from untrusted sources.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.11.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/consensys/gnark"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-50354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-31T20:37:00Z",
    "nvd_published_at": "2024-10-31T16:15:05Z",
    "severity": "MODERATE"
  },
  "details": "Thanks @pventuzelo for reporting.\n\nFrom the correspondence:\n\n\u003e Hi,\n\u003e \n\u003e We (Fuzzinglabs \u0026 Lambdaclass) found that during deserialization of certain files representing a `VerifyingKey`, an excessive memory allocation is happening consuming a lot of resources and even triggering a crash with the error `fatal error: runtime: out of memory`.\n\u003e \n\u003e Please find the details below:\n\u003e \n\u003e ## Vulnerability Details\n\u003e \n\u003e - **Severity:** Critical -\u003e DoS\n\u003e - **Affected Component:** Deserialization\n\u003e \n\u003e ## Environment\n\u003e \n\u003e - **Compiler Version:** go version go1.22.2 linux/amd64\n\u003e - **Distro Version:** Ubuntu 24.04.1 LTS\n\u003e \n\u003e - **Additional Environment Details:**\n\u003e   - `[github.com/consensys/gnark](http://github.com/consensys/gnark) v0.11.0`\n\u003e   - `[github.com/consensys/gnark-crypto](http://github.com/consensys/gnark-crypto) v0.14.1-0.20240909142611-e6b99e74cec1`\n\u003e \n\u003e ## Steps to Reproduce\n\u003e \n\u003e You can download the needed files here: https://drive.google.com/drive/folders/1KQ5I3vv4bUllvqbatGappwbAkIcR2NI_?usp=sharing\n\u003e \n\u003e You have to run\n\u003e \n\u003e ```shell\n\u003e go run gnark_poc.go\n\u003e ```\n\u003e \n\u003e in a terminal.\n\u003e \n\u003e Running the provided code will result in a memory crash or an extremely large memory allocation, which can be observed using the following command:\n\u003e \n\u003e ```shell\n\u003e go tool pprof -web mem.pprof\n\u003e ```\n\u003e \n\u003e ## Root Cause Analysis\n\u003e \n\u003e The provided code loads a `VerifyingKey` from `old.vk` by calling the `ReadFrom` function. This function is implemented in [backend/groth16/bn254/marshal.go](https://github.com/Consensys/gnark/blob/ca8e1568f47ae6b717eda0a6734d87645edaecf7/backend/groth16/bn254/marshal.go#L174C2-L174C25) within the [gnark](https://github.com/Consensys/gnark) library.\n\u003e \n\u003e The provided example uses the elliptic curve BN-254, so the code resides in the [backend/groth16/bn254/](https://github.com/Consensys/gnark/blob/ca8e1568f47ae6b717eda0a6734d87645edaecf7/backend/groth16/bn254/) repertory. However, the same error exists in other repertories, such as [backend/groth16/bls12-377/](https://github.com/Consensys/gnark/blob/ca8e1568f47ae6b717eda0a6734d87645edaecf7/backend/groth16/bls12-377/).\n\u003e \n\u003e At [line 207](https://github.com/Consensys/gnark/blob/ca8e1568f47ae6b717eda0a6734d87645edaecf7/backend/groth16/bn254/marshal.go#L207), a slice is allocated with a length of `nbCommitments`. This variable is directly extracted from the deserialized file, which, in our case, has a value of `2,327,186,600`. This large value may be too big for some configurations, leading to memory allocations of approximately \u00b11\u202fTB, as observed with `pprof`.\n\u003e \n\u003e ## Detailed Behavior\n\u003e \n\u003e ```shell\n\u003e go run gnark_poc.go\n\u003e ```\n\u003e \n\u003e ```\n\u003e fatal error: runtime: out of memory\n\u003e \n\u003e runtime stack:\n\u003e runtime.throw({0x5fe946?, 0x2052ae?})\n\u003e /usr/lib/go-1.22/src/runtime/panic.go:1023 +0x5c fp=0x7ffd65b321a0 sp=0x7ffd65b32170 pc=0x438a9c\n\u003e runtime.sysMapOS(0xc000400000, 0x8ab6400000)\n\u003e /usr/lib/go-1.22/src/runtime/mem_linux.go:167 +0x11b fp=0x7ffd65b321e0 sp=0x7ffd65b321a0 pc=0x418bbb\n\u003e runtime.sysMap(0xc000400000, 0x8ab6400000, 0x7b19c8?)\n\u003e /usr/lib/go-1.22/src/runtime/mem.go:155 +0x34 fp=0x7ffd65b32200 sp=0x7ffd65b321e0 pc=0x418634\n\u003e runtime.(*mheap).grow(0x7a17c0, 0x455b066?)\n\u003e /usr/lib/go-1.22/src/runtime/mheap.go:1534 +0x236 fp=0x7ffd65b32270 sp=0x7ffd65b32200 pc=0x42b176\n\u003e runtime.(*mheap).allocSpan(0x7a17c0, 0x455b066, 0x0, 0x1)\n\u003e /usr/lib/go-1.22/src/runtime/mheap.go:1246 +0x1b0 fp=0x7ffd65b32310 sp=0x7ffd65b32270 pc=0x42a850\n\u003e runtime.(*mheap).alloc.func1()\n\u003e /usr/lib/go-1.22/src/runtime/mheap.go:964 +0x5c fp=0x7ffd65b32358 sp=0x7ffd65b32310 pc=0x42a2fc\n\u003e runtime.systemstack(0x46d79f)\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:509 +0x4a fp=0x7ffd65b32368 sp=0x7ffd65b32358 pc=0x46912a\n\u003e \n\u003e goroutine 1 gp=0xc0000061c0 m=0 mp=0x798ca0 [running]:\n\u003e runtime.systemstack_switch()\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:474 +0x8 fp=0xc000031b68 sp=0xc000031b58 pc=0x4690c8\n\u003e runtime.(*mheap).alloc(0x5bc040?, 0xc00012bb08?, 0xa0?)\n\u003e /usr/lib/go-1.22/src/runtime/mheap.go:958 +0x5b fp=0xc000031bb0 sp=0xc000031b68 pc=0x42a25b\n\u003e runtime.(*mcache).allocLarge(0xc000126510?, 0x8ab60ca800, 0x1)\n\u003e /usr/lib/go-1.22/src/runtime/mcache.go:234 +0x87 fp=0xc000031c00 sp=0xc000031bb0 pc=0x4176e7\n\u003e runtime.mallocgc(0x8ab60ca800, 0x5d92a0, 0x1)\n\u003e /usr/lib/go-1.22/src/runtime/malloc.go:1165 +0x597 fp=0xc000031c88 sp=0xc000031c00 pc=0x40ef97\n\u003e runtime.makeslice(0xc00011c180?, 0x0?, 0x2?)\n\u003e /usr/lib/go-1.22/src/runtime/slice.go:107 +0x49 fp=0xc000031cb0 sp=0xc000031c88 pc=0x4500c9\n\u003e [github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).readFrom(0xc0001b7088](http://github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).readFrom(0xc0001b7088), {0x6598a0, 0xc00011dc50}, 0x0)\n\u003e /home/raunan/go/pkg/mod/[github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:214](http://github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:214) +0x765 fp=0xc000031ea8 sp=0xc000031cb0 pc=0x59b205\n\u003e [github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).ReadFrom(0x100469020](http://github.com/consensys/gnark/backend/groth16/bn254.(*VerifyingKey).ReadFrom(0x100469020)?, {0x6598a0?, 0xc00011dc50?})\n\u003e /home/raunan/go/pkg/mod/[github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:166](http://github.com/!ronan!thoraval/gnark@v0.0.0-20241007163125-4c0a7511c3d1/backend/groth16/bn254/marshal.go:166) +0x1f fp=0xc000031ed8 sp=0xc000031ea8 pc=0x59aa5f\n\u003e main.main()\n\u003e /home/raunan/gnark_poc/gnark_poc/gnark_poc.go:19 +0xba fp=0xc000031f50 sp=0xc000031ed8 pc=0x5addda\n\u003e runtime.main()\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:271 +0x29d fp=0xc000031fe0 sp=0xc000031f50 pc=0x43b55d\n\u003e runtime.goexit({})\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000031fe8 sp=0xc000031fe0 pc=0x46b0e1\n\u003e \n\u003e goroutine 2 gp=0xc000006c40 m=nil [force gc (idle)]:\n\u003e runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000074fa8 sp=0xc000074f88 pc=0x43b98e\n\u003e runtime.goparkunlock(...)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:408\n\u003e runtime.forcegchelper()\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:326 +0xb3 fp=0xc000074fe0 sp=0xc000074fa8 pc=0x43b813\n\u003e runtime.goexit({})\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000074fe8 sp=0xc000074fe0 pc=0x46b0e1\n\u003e created by runtime.init.6 in goroutine 1\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:314 +0x1a\n\u003e \n\u003e goroutine 3 gp=0xc000007180 m=nil [GC sweep wait]:\n\u003e runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000075780 sp=0xc000075760 pc=0x43b98e\n\u003e runtime.goparkunlock(...)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:408\n\u003e runtime.bgsweep(0xc0000240e0)\n\u003e /usr/lib/go-1.22/src/runtime/mgcsweep.go:278 +0x94 fp=0xc0000757c8 sp=0xc000075780 pc=0x426cf4\n\u003e runtime.gcenable.gowrap1()\n\u003e /usr/lib/go-1.22/src/runtime/mgc.go:203 +0x25 fp=0xc0000757e0 sp=0xc0000757c8 pc=0x41b845\n\u003e runtime.goexit({})\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc0000757e8 sp=0xc0000757e0 pc=0x46b0e1\n\u003e created by runtime.gcenable in goroutine 1\n\u003e /usr/lib/go-1.22/src/runtime/mgc.go:203 +0x66\n\u003e \n\u003e goroutine 4 gp=0xc000007340 m=nil [GC scavenge wait]:\n\u003e runtime.gopark(0xc0000240e0?, 0x657100?, 0x1?, 0x0?, 0xc000007340?)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000075f78 sp=0xc000075f58 pc=0x43b98e\n\u003e runtime.goparkunlock(...)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:408\n\u003e runtime.(*scavengerState).park(0x797520)\n\u003e /usr/lib/go-1.22/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc000075fa8 sp=0xc000075f78 pc=0x4246e9\n\u003e runtime.bgscavenge(0xc0000240e0)\n\u003e /usr/lib/go-1.22/src/runtime/mgcscavenge.go:653 +0x3c fp=0xc000075fc8 sp=0xc000075fa8 pc=0x424c7c\n\u003e runtime.gcenable.gowrap2()\n\u003e /usr/lib/go-1.22/src/runtime/mgc.go:204 +0x25 fp=0xc000075fe0 sp=0xc000075fc8 pc=0x41b7e5\n\u003e runtime.goexit({})\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc000075fe8 sp=0xc000075fe0 pc=0x46b0e1\n\u003e created by runtime.gcenable in goroutine 1\n\u003e /usr/lib/go-1.22/src/runtime/mgc.go:204 +0xa5\n\u003e \n\u003e goroutine 18 gp=0xc000102700 m=nil [finalizer wait]:\n\u003e runtime.gopark(0xc000074648?, 0x40f445?, 0xa8?, 0x1?, 0xc0000061c0?)\n\u003e /usr/lib/go-1.22/src/runtime/proc.go:402 +0xce fp=0xc000074620 sp=0xc000074600 pc=0x43b98e\n\u003e runtime.runfinq()\n\u003e /usr/lib/go-1.22/src/runtime/mfinal.go:194 +0x107 fp=0xc0000747e0 sp=0xc000074620 pc=0x41a887\n\u003e runtime.goexit({})\n\u003e /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc0000747e8 sp=0xc0000747e0 pc=0x46b0e1\n\u003e created by runtime.createfing in goroutine 1\n\u003e /usr/lib/go-1.22/src/runtime/mfinal.go:164 +0x3d\n\u003e exit status 2\n\u003e ```\n\u003e \n\u003e ## Appendices\n\u003e \n\u003e This problem can also happen with `ProvingKey`.\n\n### Impact\n\nProver and verifier denial of service in case of maliciously crafted inputs (public key, verification key).\n\n### Patches\n\nThe issue is patched in https://github.com/Consensys/gnark/pull/1307. It was merged to gnark master at https://github.com/Consensys/gnark/commit/47ae846339add2bdf9983e499342bfdfe195191d. The fix will be incorporated in the next minor release of gnark (v0.11.1).\n\n### Workarounds\n\nThere are no convenient work-arounds currently. The best approach currently is to run key verification as a separate service which halts the verification pipeline in case of OOM when verification keys come from untrusted sources.",
  "id": "GHSA-cph5-3pgr-c82g",
  "modified": "2024-11-04T13:48:55Z",
  "published": "2024-10-31T20:37:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-cph5-3pgr-c82g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50354"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Consensys/gnark/pull/1307"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Consensys/gnark/commit/47ae846339add2bdf9983e499342bfdfe195191d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Consensys/gnark"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-cph5-3pgr-c82g"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Gnark out-of-memory during deserialization with crafted inputs"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.