data/reports: review GO-2024-3122
  - data/reports/GO-2024-3122.yaml

Fixes #3122

Change-Id: I378a46511dd58191591d9d6e3d8caf9a6c902771
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635703
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
tatianab authored and gopherbot committed Dec 12, 2024
1 parent 156c317 commit dc9d1b0
Showing 2 changed files with 10 additions and 11 deletions.
10 changes: 3 additions & 7 deletions data/osv/GO-2024-3122.json
Expand Up @@ -7,8 +7,8 @@
"CVE-2024-45039",
"GHSA-q3hw-3gm4-w5cr"
],
"summary": "gnark's Groth16 commitment extension unsound for more than one commitment in github.com/consensys/gnark",
"details": "gnark's Groth16 commitment extension unsound for more than one commitment in github.com/consensys/gnark",
"summary": "Groth16 commitment extension unsound for more than one commitment in github.com/consensys/gnark",
"details": "Groth16 commitment extension unsound for more than one commitment in github.com/consensys/gnark",
"affected": [
{
"package": {
Expand All @@ -35,14 +35,10 @@
{
"type": "ADVISORY",
"url": "https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45039"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3122",
"review_status": "UNREVIEWED"
"review_status": "REVIEWED"
}
}
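Review bot: with the NVD entry dropped, the references list is left with a single ADVISORY link and no FIX reference, in the same hunk that moves "review_status" to REVIEWED. The CVE stays reachable through the "CVE-2024-45039" alias, so removing the NVD URL loses nothing, but a FIX link should be added here once the upstream commit is identified.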
11 changes: 7 additions & 4 deletions data/reports/GO-2024-3122.yaml
Expand Up @@ -4,15 +4,18 @@ modules:
versions:
- fixed: 0.11.0
vulnerable_at: 0.10.0
summary: gnark's Groth16 commitment extension unsound for more than one commitment in github.com/consensys/gnark
summary: |-
Groth16 commitment extension unsound for more than one commitment in
github.com/consensys/gnark
cves:
- CVE-2024-45039
ghsas:
- GHSA-q3hw-3gm4-w5cr
references:
- advisory: https://github.com/Consensys/gnark/security/advisories/GHSA-q3hw-3gm4-w5cr
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45039
notes:
- The fix mentioned in the advisory (https://github.com/Consensys/gnark/commit/e7c66b000454f4d2a4ae48c005c34154d4cfc2a2) does not exist, and I was not able to locate the real fix.
source:
id: GHSA-q3hw-3gm4-w5cr
created: 2024-11-12T11:30:11.924411-05:00
review_status: NEEDS_REVIEW
created: 2024-12-12T14:10:57.751829-05:00
review_status: REVIEWED
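Review bot: the new note says the fix commit named in the advisory does not exist and the real fix was not located, yet "fixed: 0.11.0" is kept and the report is marked REVIEWED. Suggest saying in the note that 0.11.0 is taken from the advisory rather than confirmed against a commit, so a later reviewer knows the affected range is unverified. Separately, "created" changes from 2024-11-12 to 2024-12-12; if that field is meant to record when the report was first created, the original timestamp should stay.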
