GHSA-9xfq-8j3r-xp5g: Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability

September 28, 2023 (updated January 22, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references.

Original Description

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

References

github.com/Consensys/gnark-crypto
github.com/Consensys/gnark-crypto/pull/449
github.com/Consensys/gnark-crypto/releases
github.com/Consensys/gnark-crypto/releases/tag/v0.12.0
github.com/advisories/GHSA-9xfq-8j3r-xp5g
nvd.nist.gov/vuln/detail/CVE-2023-44273
verichains.io/

Code Behaviors & Features

Detect and mitigate GHSA-9xfq-8j3r-xp5g with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →