🐹 Go

GHSA-fj2x-735w-74vq

HIGH

gnark-crypto allows unchecked memory allocation during vector deserialization

Also known as: GO-2025-4087
Published: Oct 30, 2025
Updated: Feb 4, 2026
Affected: 2 pkgs
Patched: 2 / 2
Exploits: None indexed

Blast Radius

2 pkgs affected
🐹 github.com/consensys/gnark-crypto
🐹 github.com/consensys/gnark-crypto

Description

The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report:

A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom() function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the verifier to attempt allocating up to 128 GB of memory with a minimal malicious input, leading to out-of-memory crashes and denial of service.

Root Cause

The vulnerability stems from unchecked deserialization of attacker-controlled length fields in the gnark-crypto library's Vector.ReadFrom() function. The function reads a 4-byte unsigned integer from untrusted input and directly uses it to allocate memory without any validation or bounds checking.

Vulnerable Code Path

User Input (Malicious Proof/Data)
         ↓
gnark Proof/Data Deserialization
         ↓
Vector.ReadFrom() (ecc/bn254/fr/vector.go:136-144)
  → sliceLen := binary.BigEndian.Uint32(buf[:4])   // ← ATTACKER-CONTROLLED
  → (*vector) = make(Vector, sliceLen)             // ← UNCHECKED ALLOCATION
         ↓
runtime.makeslice attempts 100+ GB allocation
         ↓
fatal error: runtime: out of memory → SIGABRT

Vulnerable Code

File: ecc/bn254/fr/vector.go:136-144

The code reads a 4-byte big-endian unsigned integer (sliceLen) directly from the input stream and uses it to allocate a slice without any bounds checking or validation. Each element is 32 bytes (fr.Element for BN254 curve), so an attacker can request up to:

Maximum Allocation: 2^32 elements × 32 bytes = 137,438,953,472 bytes ≈ 128 GB

Root Cause Analysis

The gnark-crypto library implements a generic serialization format for field element vectors. The format is:

[4 bytes: length (n)] [n × 32 bytes: elements]

The deserialization code trusts the length field implicitly without any validation. This is a classic integer-to-allocation vulnerability pattern, similar to issues that have affected many serialization libraries over the years.

Impact

The issue impacts users who deserialize vectors directly from untrusted sources. With malicious input, it leads to an OOM if the server does not have sufficient memory (the amount depends on the field, but the allocation could range from 32GB to 196GB).

Patches

The issue is patched in https://github.com/Consensys/gnark-crypto/pull/759. It will be backported to gnark-crypto v0.18 and v0.19.

Workarounds

The user could manually peek into the first 4 bytes of the serialized data to estimate if the header would allocate large amounts of memory.
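
The workaround above, as an added example (not code from gnark-crypto and not the patch in the pull request): peek the 4-byte big-endian header, reject a count above a cap, and for buffered input check that the payload can actually hold that many 32-byte elements. The function names and the `maxElems` cap are assumptions of this example.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const elemSize = 32 // serialized bytes per BN254 fr.Element, per the advisory

var ErrTooLarge = errors.New("length header exceeds cap")
var ErrTruncated = errors.New("payload shorter than header claims")

// PeekVectorLen reads the 4-byte big-endian length header without consuming
// it, so the same reader can be handed to Vector.ReadFrom afterwards.
// maxElems is an application-chosen cap (assumption, not a library constant).
func PeekVectorLen(r *bufio.Reader, maxElems uint32) (uint32, error) {
	hdr, err := r.Peek(4)
	if err != nil {
		return 0, fmt.Errorf("reading length header: %w", err)
	}
	n := binary.BigEndian.Uint32(hdr)
	if n > maxElems {
		return 0, fmt.Errorf("%w: %d > %d", ErrTooLarge, n, maxElems)
	}
	return n, nil
}

// CheckVectorBytes applies the cap to a fully buffered message and also
// checks that the bytes present can hold the n elements the header claims.
func CheckVectorBytes(data []byte, maxElems uint32) (uint32, error) {
	n, err := PeekVectorLen(bufio.NewReader(bytes.NewReader(data)), maxElems)
	if err != nil {
		return 0, err
	}
	if need := uint64(n) * elemSize; uint64(len(data)-4) < need {
		return 0, fmt.Errorf("%w: need %d bytes", ErrTruncated, need)
	}
	return n, nil
}

func main() {
	// Constructed input: a bare header claiming 2^32-1 elements.
	_, err := CheckVectorBytes([]byte{0xff, 0xff, 0xff, 0xff}, 1<<20)
	fmt.Println("rejected:", err)
}
```

On a stream, only the cap can be enforced up front, so choose `maxElems` from the largest vector your protocol legitimately carries.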

Affected Packages

2 total, 2 fixed
Ecosystem | Package | Vulnerable range | Fix
🐹 Go | github.com/consensys/gnark-crypto | >= 0.9.1 && < 0.18.1 | 0.18.1
🐹 Go | github.com/consensys/gnark-crypto | >= 0.19.0 && < 0.19.2 | 0.19.2

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/consensys/gnark-crypto. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

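    Update github.com/consensys/gnark-crypto to 0.18.1 or later on the 0.18 line, or to 0.19.2 or later if you are on 0.19 (versions from 0.19.0 up to, but not including, 0.19.2 are also in the vulnerable range). Then make sure no transitive (indirect) dependency still pins the vulnerable range; O3 confirms GHSA-fj2x-735w-74vq is resolved across your whole dependency graph.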

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-fj2x-735w-74vq is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-fj2x-735w-74vq. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
