CVE-2025-46723
OpenVM byte decomposition of pc in AUIPC chip can overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
OpenVM byte decomposition of pc in AUIPC chip can overflow
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.
Reserved 2025-04-28 | Published 2025-05-02 | Updated 2025-05-06 | Assigner GitHub_MCWE-131: Incorrect Calculation of Buffer Size
github.com/...openvm/security/advisories/GHSA-jf2r-x3j4-23m7
github.com/...ommit/68da4b50c033da5603517064aa0a08e1bbf70a01
cantina.xyz/...6d600-bed0-4fc6-aed1-de759fd29fa2/findings/21
github.com/...93/extensions/rv32im/circuit/src/auipc/core.rs
github.com/openvm-org/openvm/releases/tag/v1.1.0
Support options
