CVE-2023-44273
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Sep 28, 2023
Updated: Oct 2, 2023
CWE ID 502
Summary
CVE-2023-44273 is a vulnerability affecting Consensys gnark-crypto up to version 0.11.2. This issue allows signature malleability, enabling an attacker to modify the signature of a message without altering its verification. The root cause is the lack of proper deserialization checks for EdDSA and ECDSA signatures, allowing data outside the intended interval to be processed. This vulnerability poses a significant risk to the integrity of digital signatures and could lead to unauthorized access or data manipulation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- ConsenSys
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2023-44273 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions