OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc17aeb6838cfc331384dc4360a98ca4d56f2320
advisory-db/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

985 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0075"
package = "ark-r1cs-std"
date = "2021-07-08"
categories = ["crypto-failure"]
keywords = ["r1cs", "zksnark", "arkworks"]
url = "https://github.com/arkworks-rs/r1cs-std/pull/70"
aliases = ["CVE-2021-38194", "GHSA-qj3v-q2vj-4c8h"]

[versions]
patched = [">= 0.3.1"]

[affected]
functions = { "ark_r1cs_std::FieldVar::mul_by_inverse" = ["< 0.3.0"] }

Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems

Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mul_by_inverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for short_weierstrass::ProjectiveVar.

This bug was fixed in commit 47ddbaa, and was released as part of version 0.3.1 on crates.io.