Skip to content

Commit 6fe8026

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-63x8-x938-vx33 GHSA-9c4q-hq6p-c237 GHSA-fwvm-ggf6-2p4x GHSA-gc59-r5jq-98qw GHSA-p4h8-56qp-hpgv GHSA-r7p8-xq5m-436c GHSA-v7xq-3wx6-fqc2
1 parent c11d0c8 commit 6fe8026

File tree

7 files changed

+966
-6
lines changed

7 files changed

+966
-6
lines changed

advisories/github-reviewed/2026/04/GHSA-63x8-x938-vx33/GHSA-63x8-x938-vx33.json

Lines changed: 109 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-63x8-x938-vx33",
4+
"modified": "2026-04-14T00:05:19Z",
5+
"published": "2026-04-14T00:05:19Z",
6+
"aliases": [
7+
"CVE-2026-40323"
8+
],
9+
"summary": "SP1 V6 Recursion Circuit Row-Count Binding Gap",
10+
"details": "## Summary\n\nA soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject.\n\n- **Affected versions:** `>= 6.0.0, <= 6.0.2`\n- **Not affected:** SP1 V5 (all versions)\n- **Severity:** High\n\n## Details\n\n### Background\n\nThe recursive shard verifier circuit verifies shard proofs inside a recursive proof. Each shard proof includes a jagged PCS opening, which binds trace-shape metadata into a modified commitment and uses that same shape to evaluate the committed polynomials. These two operations must agree on the committed table heights.\n\n### The Bug\n\nIn the V6 recursion circuit's jagged verifier, the two checks above are served by separate witnesses: a vector of row counts hashed into the modified commitment (commitment side), and a separate witness of prefix sums derived from row and column counts that drives the jagged polynomial evaluator (evaluation side). The prefix sums are observed within the shard verifier.\n\nThe consistency check between these two witnesses was missing in the recursion sub-circuit describing the jagged PCS verifier. A malicious prover can therefore supply one trace shape for commitment binding and a different shape for polynomial evaluation.\n\n### Potential Impact\n\nThe vulnerability applies to both main trace and preprocessed trace metadata. Because preprocessed traces encode circuit structure (selectors, fixed columns, permutation layout), the potential impact extends beyond data forgery to misrepresentation of the circuit itself.\n\nWhile a demonstration of a full exploit proving arbitrary statements has not been created — since modifying one table's layout incidentally constrains changes to related tables — this barrier is not by design and should not be relied upon. This is considered a soundness violation that is unacceptable regardless of current exploitability.\n\n### Why the Native Verifier Is Not Affected\n\nThe native shard verifier uses a single jagged PCS verifier object where row counts and evaluation layout are derived from the same data, so the split-witness divergence cannot occur. The recursion circuit's shard-level checks (prefix-sum and total-area assertions) only constrain the evaluation-side parameters, not the commitment-side row counts, so they do not catch the gap.\n\n## Mitigation\n\nThe fix adds a post-evaluation consistency constraint in the recursive jagged verifier. After the jagged evaluation returns the prefix-sum values derived from the evaluation layout, the circuit reconstructs expected prefix sums from the commitment-side row counts (repeating each row count by its corresponding column count and accumulating). It then asserts element-wise equality between the reconstructed and returned prefix sums, and verifies that the final accumulated area matches the total area from the evaluation parameters.\n\nThis forces both witnesses to describe the same trace geometry. Any divergence is now a constraint failure.\n\n## Credit\n\nThis vulnerability was identified through the SP1 bug bounty program on Code4rena.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "crates.io",
21+
"name": "sp1_sdk"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "6.1.0"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 6.0.2"
38+
}
39+
},
40+
{
41+
"package": {
42+
"ecosystem": "crates.io",
43+
"name": "sp1_recursion_circuit"
44+
},
45+
"ranges": [
46+
{
47+
"type": "ECOSYSTEM",
48+
"events": [
49+
{
50+
"introduced": "0"
51+
},
52+
{
53+
"fixed": "6.1.0"
54+
}
55+
]
56+
}
57+
],
58+
"database_specific": {
59+
"last_known_affected_version_range": "<= 6.0.2"
60+
}
61+
},
62+
{
63+
"package": {
64+
"ecosystem": "crates.io",
65+
"name": "sp1_prover"
66+
},
67+
"ranges": [
68+
{
69+
"type": "ECOSYSTEM",
70+
"events": [
71+
{
72+
"introduced": "0"
73+
},
74+
{
75+
"fixed": "6.1.0"
76+
}
77+
]
78+
}
79+
],
80+
"database_specific": {
81+
"last_known_affected_version_range": "<= 6.0.2"
82+
}
83+
}
84+
],
85+
"references": [
86+
{
87+
"type": "WEB",
88+
"url": "https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33"
89+
},
90+
{
91+
"type": "PACKAGE",
92+
"url": "https://github.com/succinctlabs/sp1"
93+
},
94+
{
95+
"type": "WEB",
96+
"url": "https://github.com/succinctlabs/sp1/releases/tag/v6.1.0"
97+
}
98+
],
99+
"database_specific": {
100+
"cwe_ids": [
101+
"CWE-345",
102+
"CWE-354"
103+
],
104+
"severity": "HIGH",
105+
"github_reviewed": true,
106+
"github_reviewed_at": "2026-04-14T00:05:19Z",
107+
"nvd_published_at": null
108+
}
109+
}

advisories/github-reviewed/2026/04/GHSA-9c4q-hq6p-c237/GHSA-9c4q-hq6p-c237.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9c4q-hq6p-c237",
4+
"modified": "2026-04-14T00:04:45Z",
5+
"published": "2026-04-14T00:04:45Z",
6+
"aliases": [],
7+
"summary": "MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads",
8+
"details": "### Impact\n\n_What kind of vulnerability is it? Who is impacted?_\n\nTwo authentication bypass vulnerabilities in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path\nallow any user who knows a valid access key to write arbitrary objects to any bucket without knowing\nthe secret key or providing a valid cryptographic signature.\n\nAny MinIO deployment is impacted. The attack requires only a valid access key (the well-known default\n`minioadmin`, or any key with WRITE permission on a bucket) and a target bucket name.\n\nThere are two vulnerabilities:\n\n1. Missing Signature Verification in PutObjectExtractHandler / Snowball (CWE-306)\n2. Signature Verification Bypass via Query-String Credentials (CWE-287)\n\n**Vulnerability 1 — Missing signature verification in PutObjectExtractHandler (Snowball)**\n\nWhen `authTypeStreamingUnsignedTrailer` support was added (commit 76913a9fd, PR #16484), the new auth\ntype was handled in `PutObjectHandler` and `PutObjectPartHandler` but was never added to\n`PutObjectExtractHandler`. The snowball auto-extract handler's `switch rAuthType` block has no case for\n`authTypeStreamingUnsignedTrailer`, so execution falls through with zero signature verification. The\n`isPutActionAllowed` call before the switch extracts the access key and checks IAM permissions, but\ndoes not verify the cryptographic signature.\n\nAn attacker sends a PUT request with `X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER`,\n`X-Amz-Meta-Snowball-Auto-Extract: true`, and an `Authorization` header containing a valid access key\nwith a completely fabricated signature. The request is accepted and the tar payload is extracted into\nthe bucket.\n\n**Affected component:** `cmd/object-handlers.go`, function `PutObjectExtractHandler`.\n\n**Vulnerability 2 — Signature verification bypass via query-string credentials**\n\n`PutObjectHandler` and `PutObjectPartHandler` call `newUnsignedV4ChunkedReader` with a signature\nverification gate based solely on the presence of the `Authorization` header:\n\n```go\nnewUnsignedV4ChunkedReader(r, true, r.Header.Get(xhttp.Authorization) != \"\")\n```\n\nMeanwhile, `isPutActionAllowed` extracts credentials from either the `Authorization` header or the\n`X-Amz-Credential` query parameter, and trusts whichever it finds. An attacker omits the\n`Authorization` header and supplies credentials exclusively via the query string. The signature gate\nevaluates to `false`, `doesSignatureMatch` is never called, and the request proceeds with the\npermissions of the impersonated access key.\n\n**Affected components:** `cmd/object-handlers.go` (`PutObjectHandler`),\n`cmd/object-multipart-handlers.go` (`PutObjectPartHandler`).\n\n**CVSS v4.0 Score:** 8.8 (High)\n\n**Vector:** `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N`\n\n**CWE:** CWE-306 (Missing Authentication for Critical Function), CWE-287 (Improper Authentication)\n\n### Affected Versions\n\nAll MinIO releases through the final release of the minio/minio open-source project.\n\nBoth vulnerabilities were introduced in commit\n[`76913a9fd`](https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091)\n(\"Signed trailers for signature v4\", [PR #16484](https://github.com/minio/minio/pull/16484)),\nwhich added `authTypeStreamingUnsignedTrailer` support. The first affected release is\n`RELEASE.2023-05-18T00-05-36Z`.\n\n### Patches\n\n**Fixed in**: MinIO AIStor RELEASE.2026-04-11T03-20-12Z\n\n#### Binary Downloads\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio) |\n| Linux | arm64 | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio) |\n| macOS | arm64 | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio) |\n| macOS | amd64 | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio) |\n| Windows | amd64 | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) |\n\n#### FIPS Binaries\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) |\n| Linux | arm64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) |\n\n#### Package Downloads\n\n| Format | Architecture | Download |\n| ------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |\n| DEB | amd64 | [minio_20260411032012.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260411032012.0.0_amd64.deb) |\n| DEB | arm64 | [minio_20260411032012.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260411032012.0.0_arm64.deb) |\n| RPM | amd64 | [minio-20260411032012.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260411032012.0.0-1.x86_64.rpm) |\n| RPM | arm64 | [minio-20260411032012.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260411032012.0.0-1.aarch64.rpm) |\n\n#### Container Images\n\n```bash\n# Standard\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z\n\n# FIPS\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z.fips\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z.fips\n```\n\n#### Homebrew (macOS)\n\n```bash\nbrew install minio/aistor/minio\n```\n\n### Workarounds\n\n- [Users of the open-source `minio/minio` project should upgrade to MinIO AIStor `RELEASE.2026-04-11T03-20-12Z` or later.](https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition/)\n\nIf upgrading is not immediately possible:\n\n- **Block unsigned-trailer requests at the load balancer.** Reject any request containing\n `X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER` at the reverse proxy or WAF layer.\n Clients can use `STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER` (the signed variant) instead.\n\n- **Restrict WRITE permissions.** Limit `s3:PutObject` grants to trusted principals. While this\n reduces the attack surface, it does not eliminate the vulnerability since any user with WRITE\n permission can exploit it with only their access key.\n\n### Credits\n\n- **Finder:** Arvin Shivram of Brutecat Security ([@ddd](https://github.com/ddd))\n\n### References\n\n- Introducing commit: [`76913a9fd`](https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091) ([PR #16484](https://github.com/minio/minio/pull/16484))\n- [MinIO AIStor](https://min.io/aistor)",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Go",
19+
"name": "github.com/minio/minio"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0.0.0-20230506025312-76913a9fd5c6"
27+
},
28+
{
29+
"last_affected": "0.0.0-20260212201848-7aac2a2c5b7c"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/minio/minio/security/advisories/GHSA-9c4q-hq6p-c237"
40+
},
41+
{
42+
"type": "WEB",
43+
"url": "https://github.com/minio/minio/pull/16484"
44+
},
45+
{
46+
"type": "WEB",
47+
"url": "https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091"
48+
},
49+
{
50+
"type": "PACKAGE",
51+
"url": "https://github.com/minio/minio"
52+
}
53+
],
54+
"database_specific": {
55+
"cwe_ids": [
56+
"CWE-287",
57+
"CWE-306"
58+
],
59+
"severity": "HIGH",
60+
"github_reviewed": true,
61+
"github_reviewed_at": "2026-04-14T00:04:45Z",
62+
"nvd_published_at": null
63+
}
64+
}

0 commit comments

Comments
 (0)