{"id":"GO-2023-2098","summary":"Unsoundness in variable comparison / non-unique binary decomposition in github.com/consensys/gnark","details":"Unsoundness in variable comparison / non-unique binary decomposition in github.com/consensys/gnark","aliases":["CVE-2023-44378","GHSA-498w-5j49-vqjg"],"modified":"2024-05-20T16:03:47Z","published":"2023-10-09T21:29:55Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-2098","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://github.com/zkopru-network/zkopru/issues/116"},{"type":"FIX","url":"https://github.com/Consensys/gnark/pull/835"},{"type":"FIX","url":"https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-498w-5j49-vqjg"}],"affected":[{"package":{"name":"github.com/consensys/gnark","ecosystem":"Go","purl":"pkg:golang/github.com/consensys/gnark"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.9.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["builder.AssertIsLessOrEqual","builder.Cmp","builder.ToBinary","builder.mustBeLessOrEqCst","builder.mustBeLessOrEqVar"],"path":"github.com/consensys/gnark/frontend/cs/r1cs"},{"symbols":["builder.AssertIsLessOrEqual","builder.Cmp","builder.ToBinary","builder.mustBeLessOrEqCst","builder.mustBeLessOrEqVar"],"path":"github.com/consensys/gnark/frontend/cs/scs"},{"symbols":["recursiveHint.Define"],"path":"github.com/consensys/gnark/internal/backend/circuits"},{"symbols":["WithNbDigits"],"path":"github.com/consensys/gnark/std/math/bits"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2098.json"}}],"schema_version":"1.7.3","credits":[{"name":"@kustosz"}]}