CVE-2025-24802 – Plonky2 Lookup Table Padding overwrite vulnerability

The following table lists the changes that have been made to the CVE-2025-24802 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 30, 2025

    Action Type Old Value New Value
    Added Description Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
    Added CWE CWE-1240
    Added Reference https://github.com/0xPolygonZero/plonky2/blob/main/plonky2/src/plonk/prover.rs#L97
    Added Reference https://github.com/0xPolygonZero/plonky2/commit/091047f7f10cae082716f3738ad59a583835f7b6
    Added Reference https://github.com/0xPolygonZero/plonky2/security/advisories/GHSA-hj49-h7fq-px5h

نوشته های مشابه

CVE-2024-13767 – “Live2DWebCanvas WordPress Remote File Deletion”

CVE-2025-0147 – “Zoom Workplace App for Linux Type Confusion Privilege Escalation”

CVE-2025-0574 – Sante PACS Server Web Server URL Path Memory Corruption DoS

CVE-2025-0680 – FogWave Edge Computing Cloud RPC Remote Command Execution vulnerartner