How severe is CVE-2023-44378?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-44378?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2023-44378 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods.

Related Vulnerabilities

CVE-2015-1208

MEDIUM

CVSS:5.5(Medium)

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 f...

CWE-1912015

CVE-2017-13666

MEDIUM

CVSS:5.5(Medium)

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can ...

CWE-1912017

CVE-2017-15874

MEDIUM

CVSS:5.5(Medium)

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

CWE-1912017

CVE-2017-8906

MEDIUM

CVSS:5.5(Medium)

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and oth...

CWE-1912017

CVE-2018-5865

MEDIUM

CVSS:5.5(Medium)

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an i...

CWE-1912018

CVE-2019-1628

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condit...

CWE-1912019