CVE-2026-41197: CWE-131: Incorrect Calculation of Buffer Size in noir-lang noir
CVE-2026-41197 is a critical vulnerability in noir-lang noir versions prior to 1. 0. 0-beta. 19 involving incorrect buffer size calculation for nested arrays returned by foreign calls. The issue arises because the compiler under-allocates memory for nested arrays of composite types, such as tuples, corrupting the Brillig VM heap. This can lead to memory corruption during execution of Noir programs that invoke such foreign functions. The vulnerability has a CVSS 4. 0 base score of 9. 3, indicating high impact and exploitability. Version 1.
AI Analysis
Technical Summary
Noir-lang noir is a domain-specific language for SNARK proving systems that compiles to Brillig bytecode. When compiling foreign function calls that return nested arrays, the compiler incorrectly calculates the buffer size for nested arrays of composite types by using the semantic length instead of the semi-flattened size. This leads to under-allocation of memory on the Brillig VM heap, causing heap corruption. The vulnerability is identified as CWE-131 (Incorrect Calculation of Buffer Size). The issue is fixed in noir version 1.0.0-beta.19.
Potential Impact
The vulnerability causes heap corruption in the Brillig VM when processing foreign calls returning nested arrays of composite types. This can lead to undefined behavior, potential crashes, or memory corruption during execution of Noir programs. Given the critical CVSS score of 9.3, the impact is severe, potentially allowing attackers to disrupt or manipulate the execution environment.
Mitigation Recommendations
Upgrade noir-lang noir to version 1.0.0-beta.19 or later, where this buffer size calculation bug is fixed. Since the vendor advisory indicates the issue is resolved in this version, applying this official fix is the recommended remediation. Patch status is not explicitly stated beyond the fixed version, so users should verify with the vendor advisory for any additional guidance.
CVE-2026-41197: CWE-131: Incorrect Calculation of Buffer Size in noir-lang noir
Description
CVE-2026-41197 is a critical vulnerability in noir-lang noir versions prior to 1. 0. 0-beta. 19 involving incorrect buffer size calculation for nested arrays returned by foreign calls. The issue arises because the compiler under-allocates memory for nested arrays of composite types, such as tuples, corrupting the Brillig VM heap. This can lead to memory corruption during execution of Noir programs that invoke such foreign functions. The vulnerability has a CVSS 4. 0 base score of 9. 3, indicating high impact and exploitability. Version 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Noir-lang noir is a domain-specific language for SNARK proving systems that compiles to Brillig bytecode. When compiling foreign function calls that return nested arrays, the compiler incorrectly calculates the buffer size for nested arrays of composite types by using the semantic length instead of the semi-flattened size. This leads to under-allocation of memory on the Brillig VM heap, causing heap corruption. The vulnerability is identified as CWE-131 (Incorrect Calculation of Buffer Size). The issue is fixed in noir version 1.0.0-beta.19.
Potential Impact
The vulnerability causes heap corruption in the Brillig VM when processing foreign calls returning nested arrays of composite types. This can lead to undefined behavior, potential crashes, or memory corruption during execution of Noir programs. Given the critical CVSS score of 9.3, the impact is severe, potentially allowing attackers to disrupt or manipulate the execution environment.
Mitigation Recommendations
Upgrade noir-lang noir to version 1.0.0-beta.19 or later, where this buffer size calculation bug is fixed. Since the vendor advisory indicates the issue is resolved in this version, applying this official fix is the recommended remediation. Patch status is not explicitly stated beyond the fixed version, so users should verify with the vendor advisory for any additional guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-18T02:51:52.973Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e9707c87115cfb68522138
Added to database: 4/23/2026, 1:06:04 AM
Last enriched: 4/23/2026, 1:21:33 AM
Last updated: 4/23/2026, 5:34:12 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.