CVE-2023-44273

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 28, 2023

Updated: Oct 2, 2023

CWE ID 502

Summary

CVE-2023-44273 is a vulnerability affecting Consensys gnark-crypto up to version 0.11.2. This issue allows signature malleability, enabling an attacker to modify the signature of a message without altering its verification. The root cause is the lack of proper deserialization checks for EdDSA and ECDSA signatures, allowing data outside the intended interval to be processed. This vulnerability poses a significant risk to the integrity of digital signatures and could lead to unauthorized access or data manipulation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ConsenSys

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s0S4Fl
https://www.cve.org/CVERecord?id=CVE-2023-44273
https://nvd.nist.gov/vuln/detail/CVE-2023-44273

Back to Vulnerability Database

CVE-2023-44273

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations