Home > Vulnerability Database > CVE-2023-33252

Mend.io Vulnerability Database

CVE-2023-33252

Good to know:

Date: May 20, 2023

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. After conducting further research, Mend has determined that versions 0.3.0 - 0.6.11 of snarkjs are vulnerable to CVE-2023-33252.

Language: JS

Severity Score

7.5

Related Resources (5)

Url: https://github.com/iden3/snarkjs/tags

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33252

Url: https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js

Url: https://github.com/iden3/snarkjs

Url: https://www.mend.io/vulnerability-database/CVE-2023-33252

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33252

Good to know:

Date: May 20, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?