
We found results for “”
CVE-2023-26557
Good to know:

Date: April 20, 2023
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
Language: Go
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Observable Discrepancy
CWE-203Top Fix

Upgrade Version
Upgrade to version github.com/bnb-chain/tss-lib - v1.3.6-0.20230324145555-bb6fb30bd3eb;github.com/binance-chain/tss-lib - v1.3.6-0.20230324145555-bb6fb30bd3eb
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |