CVE-2022-47930
- EPSS 0.08%
- Published 21.04.2023 18:15:07
- Last modified 05.02.2025 15:15:15
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge i...
CVE-2023-26556
- EPSS 0.49%
- Published 21.04.2023 18:15:07
- Last modified 05.02.2025 15:15:17
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in...
CVE-2023-26557
- EPSS 0.15%
- Published 21.04.2023 18:15:07
- Last modified 05.02.2025 15:15:17
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/p...
CVE-2022-47931
- EPSS 0.06%
- Published 23.12.2022 00:15:14
- Last modified 15.04.2025 15:16:07
IO FinNet tss-lib before 2.0.0 allows a collision of hash values.