Vulnerability Report: GO-2025-4087

GHSA-fj2x-735w-74vq
Affects: github.com/consensys/gnark-crypto
Published: Nov 05, 2025

Unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto

For detailed information about this vulnerability, visit https://github.com/Consensys/gnark-crypto/security/advisories/GHSA-fj2x-735w-74vq.

Affected Packages

Path

Versions

Symbols
github.com/consensys/gnark-crypto/ecc/secp256k1/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bw6-633/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls12-377/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls12-381/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/grumpkin/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bw6-633/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls12-377/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls24-315/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/field/babybear

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/stark-curve/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/grumpkin/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bn254/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls24-317/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/field/goldilocks

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bn254/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls12-381/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/secp256k1/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/field/koalabear

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls24-315/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/stark-curve/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bw6-761/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bls24-317/fp

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2
github.com/consensys/gnark-crypto/ecc/bw6-761/fr

from v0.9.1 before v0.18.1, from v0.19.0 before v0.19.2

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Vulnerability Report: GO-2025-4087

Affected Packages

Aliases

References

Feedback