Lucene search

K
osvGoogleOSV:GHSA-399H-CMVP-QGX5
HistoryJun 29, 2021 - 9:32 p.m.

Incorrect Default Permissions in Binance tss-lib

2021-06-2921:32:11
Google
osv.dev
9

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.

Specific Go Packages Affected

github.com/binance-chain/tss-lib/ecdsa/keygen

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

Related for OSV:GHSA-399H-CMVP-QGX5