Lucene search

GoogleOSV:GHSA-CVCX-G7WH-X8RF

HistoryDec 23, 2022 - 12:30 a.m.

Collision of hash values in github.com/bnb-chain/tss-lib

2022-12-2300:30:23

Google

osv.dev

github

security

vulnerability

software

finnet

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.0%

JSON

IO FinNet tss-lib before 2.0.0 allows a collision of hash values.

CPENameOperatorVersion
github.com/bnb-chain/tss-liblt1.3.6-0.20230324145555-bb6fb30bd3eb

CPE	Name	Operator	Version
	github.com/bnb-chain/tss-lib	lt	1.3.6-0.20230324145555-bb6fb30bd3eb

References

github.com/bnb-chain/tss-lib

github.com/bnb-chain/tss-lib/commit/bb6fb30bd3ebd35c755109836aa1a5ee6126c8a0

github.com/bnb-chain/tss-lib/pull/233

github.com/golang/vulndb/blob/master/data/reports/GO-2023-1904.yaml

github.com/IoFinnet/threshlib/commit/369ec50be1437588a9733443bcb2f15b794601d4

github.com/IoFinnet/threshlib/releases/tag/v2.0.0

medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b

nvd.nist.gov/vuln/detail/CVE-2022-47931

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for OSV:GHSA-CVCX-G7WH-X8RF