
4 matches found

OSV
added 2026/01/09 10:27 p.m. · 4 views

GHSA-W3G8-FP6J-WVQW SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary: A critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

CVSS 8.7 · AI score 6.5 · EPSS 0.00245
Exploits: 1 · References: 8
RedhatCVE
added 2026/01/09 12:33 p.m. · 16 views

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

CVSS 5.9 · AI score 6.8 · EPSS 0.00983
Exploits: 2 · References: 1
Schneier on Security
added 2023/08/10 11:12 a.m. · 31 views

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Cryptographic flaws still matter. Here's a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. EDITED TO ADD 8/14: A good explainer...

AI score 6.9
Exploits: 0
VulnCheck KEV
added 2023/04/27 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

CVSS 5.9 · AI score 6.2 · EPSS 0.00983
Exploits: 2 · References: 1