CVE-2024-45040

5.9 MEDIUM

📋 TL;DR

This vulnerability in gnark's Groth16 implementation breaks the zero-knowledge property for proofs with commitments, potentially allowing an attacker to deduce small private witness values through enumeration. It affects users of gnark library versions before 0.11.0 who generate Groth16 proofs with commitments. PLONK proofs are not affected.

💻 Affected Systems

Products:
  • gnark zk-SNARK library
Versions: All versions before 0.11.0
Operating Systems: All platforms running gnark
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Groth16 proofs with commitments; PLONK proofs are safe. Requires specific proof generation with commitments enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disclosure of small private witness values in zero-knowledge proofs, compromising confidentiality of sensitive data.

🟠 Likely Case

Partial information leakage about witness values when they have limited possible values, reducing privacy guarantees.

🟢 If Mitigated

No information leakage when witness values have large possible ranges or many values are committed.

🌐 Internet-Facing: MEDIUM - Exploitation requires access to generated proofs but doesn't require authentication.
🏢 Internal Only: MEDIUM - Same technical risk but limited to internal systems using vulnerable gnark versions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires analyzing generated proofs and enumerating possible witness values. No authentication needed to access proofs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.11.0

Vendor Advisory: https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6

Restart Required: No

Instructions:

1. Update gnark dependency to version 0.11.0 or later.
2. Rebuild and redeploy applications using gnark.
3. Regenerate any stored proofs created with vulnerable versions.

🔧 Temporary Workarounds

Manual randomization workaround

all

Manually commit to an additional randomized value to mask other committed values

// In proof generation code, add commitment to random value
// Example: circuit.Commit(randomValue)

🧯 If You Can't Patch

  • Avoid using Groth16 proofs with commitments in vulnerable versions
  • Use PLONK proofs instead of Groth16 where commitments are needed

🔍 How to Verify

Check if Vulnerable:

Check the gnark version in go.mod or import statements; versions <0.11.0 are vulnerable when Groth16 is used with commitments.

Check Version:

go list -m github.com/consensys/gnark

Verify Fix Applied:

Verify gnark version is 0.11.0 or later and review code to ensure Groth16 proofs with commitments use updated API.
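
The version and usage checks above can be scripted across a source tree. The helper below is an added example, not code from gnark or the advisory; the status labels and function names are hypothetical, and the `.Commit(` search is a heuristic for explicit commitment calls.

```shell
#!/bin/sh
# Added example: audit helper for CVE-2024-45040 (not gnark project code).
MOD=github.com/consensys/gnark

# Print the gnark version required in a go.mod file (nothing if absent).
gnark_version() {
    awk -v m="$MOD" '{ for (i = 1; i < NF; i++)
        if ($i == m && $(i+1) ~ /^v[0-9]/) { print $(i+1); exit } }' "$1"
}

# Succeed if version $1 (e.g. v0.10.0) sorts before the fixed 0.11.0.
is_before_fix() {
    v=${1#v}; core=${v%%[-+]*}
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 0 ] || return 1
    [ "$minor" -lt 11 ] && return 0
    # A pre-release such as 0.11.0-rc1 still sorts before 0.11.0.
    [ "$minor" -eq 11 ] && [ "$patch" -eq 0 ] && [ "$v" != "${v%%-*}" ] && return 0
    return 1
}

# Succeed if any .go file under $1 matches extended regex $2.
uses() { [ -n "$(find "$1" -name '*.go' -exec grep -lE "$2" {} + 2>/dev/null)" ]; }

# Print: not-used | patched | old-gnark | groth16-review | groth16-commit
check_module() {
    ver=$(gnark_version "$1/go.mod" 2>/dev/null) || ver=
    [ -n "$ver" ] || { echo not-used; return 0; }
    is_before_fix "$ver" || { echo patched; return 0; }
    uses "$1" "$MOD/backend/groth16" || { echo old-gnark; return 0; }
    # Heuristic: an explicit Commit( call; commitments made inside
    # imported packages are not visible to this grep.
    if uses "$1" '\.Commit\('; then echo groth16-commit
    else echo groth16-review; fi
}

# Constructed sample module (not a real project): gnark v0.10.0 + Groth16.
demo() {
    d=$(mktemp -d)
    printf 'module example.test/app\n\nrequire (\n\t%s v0.10.0\n)\n' "$MOD" > "$d/go.mod"
    printf 'package app\n\nimport _ "%s/backend/groth16"\n' "$MOD" > "$d/prove.go"
    check_module "$d"; rm -rf "$d"
}
```

Run `check_module <module-dir>` against each Go module; `groth16-review` and `groth16-commit` both warrant upgrading and regenerating stored proofs as described under Official Fix.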

📡 Detection & Monitoring

Log Indicators:

  • Generation of Groth16 proofs with commitments using gnark <0.11.0

Network Indicators:

  • Transmission of potentially vulnerable Groth16 proofs

SIEM Query:

Application logs containing 'gnark' AND version < '0.11.0' AND 'Groth16' AND 'commit'
