Количество 2
Количество 2
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
GHSA-mjqv-xhgm-gx8c
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-26557 io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| GHSA-mjqv-xhgm-gx8c IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу