CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. • https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg https://github.com/zkopru-network/zkopru/issues/116 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-697: Incorrect Comparison

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

LibTIFF is vulnerable to an integer overflow. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://security.netapp.com/advisory/ntap-20231110-0005 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. • http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound

CVSS: 6.7 • EPSS: 0% • CPEs: 20 • EXPL: 0

In apusys, there is a possible out of bounds write due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-190: Integer Overflow or Wraparound