We found results for “”
CVE-2023-26557
Good to know:
Date: April 20, 2023
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
Language: Go
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Observable Discrepancy
CWE-203Top Fix
Upgrade Version
Upgrade to version github.com/bnb-chain/tss-lib - v1.3.6-0.20230324145555-bb6fb30bd3eb;github.com/binance-chain/tss-lib - v1.3.6-0.20230324145555-bb6fb30bd3eb
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |
Vulnerabilities
Projects
Contact Us


