Headline
GHSA-fj2x-735w-74vq: gnark-crypto allows unchecked memory allocation during vector deserialization
The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report:
A critical vulnerability exists in the gnark-crypto library’s
Vector.ReadFrom()function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the verifier to attempt allocating up to 128 GB of memory with a minimal malicious input, leading to out-of-memory crashes and denial of service.Root Cause
The vulnerability stems from unchecked deserialization of attacker-controlled length fields in the gnark-crypto library’s
Vector.ReadFrom()function. The function reads a 4-byte unsigned integer from untrusted input and directly uses it to allocate memory without any validation or bounds checking.Vulnerable Code Path
User Input (Malicious Proof/Data) ↓ gnark Proof/Data Deserialization ↓ Vector.ReadFrom() (ecc/bn254/fr/vector.go:136-144) → sliceLen := binary.BigEndian.Uint32(buf[:4]) // ← ATTACKER-CONTROLLED → (*vector) = make(Vector, sliceLen) // ← UNCHECKED ALLOCATION ↓ runtime.makeslice attempts 100+ GB allocation ↓ fatal error: runtime: out of memory → SIGABRTVulnerable Code
File:
gnark-crypto@v0.14.0+/ecc/bn254/fr/vector.go:136-144The code reads a 4-byte big-endian unsigned integer (
sliceLen) directly from the input stream and uses it to allocate a slice without any bounds checking or validation. Each element is 32 bytes (fr.Element for BN254 curve), so an attacker can request up to:Maximum Allocation:
2^32 elements × 32 bytes = 137,438,953,472 bytes ≈ 128 GBRoot Cause Analysis
The gnark-crypto library implements a generic serialization format for field element vectors. The format is:
[4 bytes: length (n)] [n × 32 bytes: elements]The deserialization code trusts the length field implicitly without any validation. This is a classic integer-to-allocation vulnerability pattern, similar to issues that have affected many serialization libraries over the years.
Impact
The issue impacts users deserializing vectors directly from untrusted sources. In case of malicious input it would lead to OOM in case the server doesn’t have sufficient memory (depending on the field, but could allocate from 32GB to 196GB).
Patches
The issue is patched in https://github.com/Consensys/gnark-crypto/pull/759. It will be backported to gnark-crypto v0.18 and v0.19.
Workarounds
The user could manually peek into the first 4 bytes of the serialized data to estimate if the header would allocate large amounts of memory.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-fj2x-735w-74vq
gnark-crypto allows unchecked memory allocation during vector deserialization
High severity GitHub Reviewed Published Oct 30, 2025 in Consensys/gnark-crypto • Updated Oct 30, 2025
Package
gomod github.com/consensys/gnark-crypto (Go)
Affected versions
>= 0.9.1, < 0.18.1
= 0.19.0
Patched versions
0.18.1
0.19.2
The issue has been reported by @raefko from @FuzzingLabs. Excerpts from the report:
A critical vulnerability exists in the gnark-crypto library’s Vector.ReadFrom() function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the verifier to attempt allocating up to 128 GB of memory with a minimal malicious input, leading to out-of-memory crashes and denial of service.
****Root Cause****
The vulnerability stems from unchecked deserialization of attacker-controlled length fields in the gnark-crypto library’s Vector.ReadFrom() function. The function reads a 4-byte unsigned integer from untrusted input and directly uses it to allocate memory without any validation or bounds checking.
****Vulnerable Code Path****
User Input (Malicious Proof/Data) ↓ gnark Proof/Data Deserialization ↓ Vector.ReadFrom() (ecc/bn254/fr/vector.go:136-144) → sliceLen := binary.BigEndian.Uint32(buf[:4]) // ← ATTACKER-CONTROLLED → (*vector) = make(Vector, sliceLen) // ← UNCHECKED ALLOCATION ↓ runtime.makeslice attempts 100+ GB allocation ↓ fatal error: runtime: out of memory → SIGABRT****Vulnerable Code****
File: gnark-crypto@v0.14.0+/ecc/bn254/fr/vector.go:136-144
The code reads a 4-byte big-endian unsigned integer (sliceLen) directly from the input stream and uses it to allocate a slice without any bounds checking or validation. Each element is 32 bytes (fr.Element for BN254 curve), so an attacker can request up to:
Maximum Allocation: 2^32 elements × 32 bytes = 137,438,953,472 bytes ≈ 128 GB
****Root Cause Analysis****
The gnark-crypto library implements a generic serialization format for field element vectors. The format is:
[4 bytes: length (n)] [n × 32 bytes: elements]The deserialization code trusts the length field implicitly without any validation. This is a classic integer-to-allocation vulnerability pattern, similar to issues that have affected many serialization libraries over the years.
Impact
The issue impacts users deserializing vectors directly from untrusted sources. In case of malicious input it would lead to OOM in case the server doesn’t have sufficient memory (depending on the field, but could allocate from 32GB to 196GB).
Patches
The issue is patched in Consensys/gnark-crypto#759. It will be backported to gnark-crypto v0.18 and v0.19.
Workarounds
The user could manually peek into the first 4 bytes of the serialized data to estimate if the header would allocate large amounts of memory.
References
- GHSA-fj2x-735w-74vq
- Consensys/gnark-crypto#759
- Consensys/gnark-crypto@2e7bf91
Published to the GitHub Advisory Database
Oct 30, 2025
Last updated
Oct 30, 2025