N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8m24-3cfx-9fjw

EPSS Score

CWE

Published

11/8/2024

Updated

11/8/2024

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-8m24-3cfx-9fjw

GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum

During proof generation, the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. Prior to v3.0.0 the cumulative sum of the permutation argument was not observed when sampling zeta, which is a random challenge sampled to force the constraints to be true. In v3.0.0, this is fixed by observing the cumulative sum into the challenger, which can is done by observing the commit to the entire permutation trace.

While this vulnerability is theoretically present in v2.0.0 and below, exploiting it is quite a difficult task as the cumulative sum one can get from manipulation is essentially random. It requires practically infeasible amount of computation and deep knowledge of cryptographic attacks to carry out.

This issue was discovered during the audit of SP1 V3.0.0 and was officially fixed on October 17th. Out of abundance of caution, we will be deprecating all versions of SP1 before 3.0.0.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8m24-3cfx-9fjw

EPSS Score

CWE

Published

11/8/2024

Updated

11/8/2024

KEV Status

Technology

Rust

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sp1-recursion-circuit	rust	< 3.0.0	3.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided patches indicate several key changes to the codebase, including the introduction of new functions to handle dependencies for division/remainder operations and CPU events, as well as modifications to existing memory read and write functions to include local memory access. These changes suggest that the previous implementation had vulnerabilities or was incomplete in handling these aspects, thus the identified functions are considered vulnerable or critical to the fix.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*urin* proo* **n*r*tion, t** prov*r must o*s*rv* *ll v*lu*s s*nt to t** v*ri*i*r to **n*r*t* v*li* *i*t-S**mir ***ll*n**s. Prior to v*.*.* t** *umul*tiv* sum o* t** p*rmut*tion *r*um*nt w*s not o*s*rv** w**n s*mplin* z*t*, w*i** is * r*n*om ***ll*n**

Reasoning

T** provi*** p*t***s in*i**t* s*v*r*l k*y ***n**s to t** *o****s*, in*lu*in* t** intro*u*tion o* n*w `*un*tions` to **n*l* **p*n**n*i*s *or *ivision/r*m*in**r op*r*tions *n* *PU *v*nts, *s w*ll *s mo*i*i**tions to *xistin* m*mory r*** *n* writ* `*un*

N/A

Basic Information

Concerned about an active attack path?

GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI