CVE-2025-46723

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-46723
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46723.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-46723
Aliases
Published
2025-05-02T23:15:16Z
Modified
2025-05-24T03:40:29.060477Z
Summary
[none]
Details

OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pclimbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pclimbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.

References

Affected packages

Git / github.com/openvm-org/openvm

Affected ranges

Type
GIT
Repo
https://github.com/openvm-org/openvm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.0-alpha
v0.1.1-alpha

v1.*

v1.0.0
v1.0.0-rc.0
v1.0.0-rc.1
v1.0.0-rc.2