Количество 2
Количество 2
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
GHSA-3w84-4mjc-rjw7
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-26556 io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
| GHSA-3w84-4mjc-rjw7 IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу