Lucene search

HalbornCVELIST:CVE-2023-33242

HistoryAug 09, 2023 - 9:01 p.m.

CVE-2023-33242 Lindell17 TSS Abort Mishandling

2023-08-0921:01:37

Halborn

www.cve.org

cve-2023-33242

crypto wallets

ecdsa private key

security proof

signature attempt

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

55.5%

JSON

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper’s security proof’s assumption regarding handling aborts after a failed signature.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wallet",
    "vendor": "Lindell TSS Implementations",
    "versions": [
      {
        "status": "affected",
        "version": "17"
      }
    ]
  }
]

References

eprint.iacr.org/2017/552.pdf

github.com/fireblocks-labs/mpc-ecdsa-attacks-23

github.com/fireblocks-labs/zengo-lindell17-exploit-poc

www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

55.5%

JSON

Related for CVELIST:CVE-2023-33242