Lucene search

[email protected]NVD:CVE-2023-33242

HistoryAug 09, 2023 - 10:15 p.m.

CVE-2023-33242

2023-08-0922:15:11

CWE-74

[email protected]

web.nvd.nist.gov

crypto wallets

lindell17 tss protocol

ecdsa private key

security proof assumption

signature attempt

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper’s security proof’s assumption regarding handling aborts after a failed signature.

Affected configurations

NVD

Node

lindell17_projectlindell17Match-

References

eprint.iacr.org/2017/552.pdf

github.com/fireblocks-labs/mpc-ecdsa-attacks-23

github.com/fireblocks-labs/zengo-lindell17-exploit-poc

www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for NVD:CVE-2023-33242

cve1 prion1 cvelist1 githubexploit1 thn1