Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenVM byte decomposition of pc in AUIPC chip can overflow
Vulnerability Description
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.
CVSS Information
N/A
Vulnerability Type
缓冲区大小计算不正确
Vulnerability Title
OpenVM 安全漏洞
Vulnerability Description
OpenVM是OpenVM开源的一个为定制和可扩展性而构建的高性能和模块化zkVM框架。 OpenVM 1.0.0版本存在安全漏洞,该漏洞源于AUIPC芯片中pc字节分解溢出,可能导致恶意证明者使目标寄存器取不同值。
CVSS Information
N/A
Vulnerability Type
N/A