gnark — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in gnark, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-58157	gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm CWE-400	7.5	High	2025-08-29
CVE-2025-57801	gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks CWE-347	7.5^AI	High^AI	2025-08-22
CVE-2024-50354	Out-of-memory during deserialization with crafted inputs CWE-400	5.5	Medium	2024-10-31
CVE-2024-45039	gnark's Groth16 commitment extension unsound for more than one commitment CWE-200	6.2	Medium	2024-09-06
CVE-2024-45040	gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property CWE-200	5.9	Medium	2024-09-06
CVE-2023-44378	gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition CWE-191	7.1	High	2023-10-09

All 6 known CVE vulnerabilities affecting gnark with full Chinese analysis, references, and POCs where available.