CVE-2023-33252

CVE-2023-33252

EPSS 0.6%CWE-862

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js https://github.com/iden3/snarkjs/tags