Vulnerable File: circuits/aes-gcm/aes-gctr-fold.circom
commit: 65f823fc5606fca74440fb0de939ae07a3c39a80
counter is computed as last_counter_num.out - 1 with no check that last_counter_num >= 1. If the 4-byte counter in step_in is 0, counter becomes -1 (i.e., a large field element), and index = counter*16 is a huge field value.
Vulnerable File:
circuits/aes-gcm/aes-gctr-fold.circomcommit:
65f823fc5606fca74440fb0de939ae07a3c39a80counteris computed as last_counter_num.out - 1 with no check that last_counter_num >= 1. If the 4-byte counter in step_in is 0, counter becomes -1 (i.e., a large field element), and index = counter*16 is a huge field value.