
GHSA-fr8m-434r-g3xp
vulnerability analysis and mitigation

Overview

The vulnerability (GHSA-fr8m-434r-g3xp) affects gnark-crypto's signature deserialization process prior to version 0.12.0. The issue was discovered and disclosed on October 15, 2025, impacting ECDSA and EdDSA signature implementations in the gnark-crypto library. The vulnerability stems from insufficient range checking of input values during signature deserialization (GitHub Advisory).

Technical details

During deserialization of ECDSA and EdDSA signatures, gnark-crypto did not verify that the decoded values lie within the range [1, n-1], where n is the corresponding modulus: the base field modulus for R in EdDSA, and the scalar field modulus for r and s in ECDSA and for s in EdDSA. The vulnerability has been assigned a CVSS score of 5.1 with a vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, indicating moderate severity (GitHub Advisory).

Impact

Because zero was accepted as a signature component, deserializing such a value could lead to a null pointer dereference and so to denial of service in applications that parse untrusted signatures. It also enabled weak signature malleability: out-of-range components were reduced modulo n, so two different serialized signatures could decode to the same underlying values, which breaks applications that assume a serialized signature is unique without considering the modulo-reduced values (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in version 0.12.0 and later releases. The fix adds proper range checking during deserialization, ensuring every component lies in the [1, n-1] range. For users unable to upgrade immediately, the workaround is to validate each component of a serialized signature against the corresponding range before using it. To address the potential denial-of-service condition, users can additionally implement panic recovery hooks (GitHub Advisory, GitHub Release).
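The range check described above, applied to a fixed-width r||s encoding of an ECDSA signature, as an added Go example that is not gnark-crypto's own code: the lenient path models the pre-0.12.0 behaviour from the Impact section (reduce modulo n, accept zero), and the strict path is the workaround recommended here. The byte layout, the function names and the use of the secp256k1 group order as n are assumptions made for the demo.

```go
package main

import (
	"fmt"
	"math/big"
)

// Demo modulus (assumption): the secp256k1 group order, i.e. the scalar field
// modulus n that both ECDSA components r and s must lie within.
var secp256k1N, _ = new(big.Int).SetString(
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
var ErrOutOfRange = fmt.Errorf("signature component outside [1, n-1]")

// InRange is the check the advisory recommends: 1 <= v <= n-1.
func InRange(v, n *big.Int) bool { return v.Sign() > 0 && v.Cmp(n) < 0 }

// ParseSig reads a fixed-width big-endian r||s encoding. strict=false models the
// pre-0.12.0 behaviour (reduce mod n, no range check): zero passes and v and v+n
// collapse to one scalar. strict=true rejects any component outside [1, n-1].
func ParseSig(buf []byte, n *big.Int, strict bool) (r, s *big.Int, err error) {
	size := (n.BitLen() + 7) / 8
	if len(buf) != 2*size {
		return nil, nil, fmt.Errorf("unexpected signature length %d", len(buf))
	}
	r, s = new(big.Int).SetBytes(buf[:size]), new(big.Int).SetBytes(buf[size:])
	if !strict {
		return r.Mod(r, n), s.Mod(s, n), nil
	}
	if !InRange(r, n) || !InRange(s, n) {
		return nil, nil, ErrOutOfRange
	}
	return r, s, nil
}

// Encode builds the r||s byte string used here as constructed sample input.
func Encode(r, s, n *big.Int) []byte {
	size := (n.BitLen() + 7) / 8
	buf := make([]byte, 2*size)
	r.FillBytes(buf[:size])
	s.FillBytes(buf[size:])
	return buf
}

func main() {
	n, r, s := secp256k1N, big.NewInt(12345), big.NewInt(67890)
	alt := Encode(r, new(big.Int).Add(s, n), n) // s+n: same scalar, different bytes
	_, s1, _ := ParseSig(Encode(r, s, n), n, false)
	_, s2, _ := ParseSig(alt, n, false)
	fmt.Println("lenient parse equates both encodings:", s1.Cmp(s2) == 0)
	_, _, err := ParseSig(alt, n, true)
	fmt.Println("strict parse rejects s+n:", err)
}
```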

This report was generated using AI.