Описание
Incorrect Default Permissions in Binance tss-lib
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.
Specific Go Packages Affected
github.com/binance-chain/tss-lib/ecdsa/keygen
Пакеты
Наименование
github.com/binance-chain/tss-lib
go
Затронутые версииВерсия исправления
< 1.2.0
1.2.0
Связанные уязвимости
CVSS3: 8.2
nvd
почти 6 лет назад
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.