CVE-2023-33252

CVE-2023-33252

EPSS 0.6%CWE-862

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js https://github.com/iden3/snarkjs/tags