Lucene search
K

7 matches found

NVD
NVD
added 2023/04/21 6:15 p.m.44 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS9.1AI score0.00864EPSS
Exploits0References4
Prion
Prion
added 2023/04/21 6:15 p.m.20 views

Information disclosure

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

6.4CVSS9AI score0.00864EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/04/21 12:0 a.m.36 views

Observable Discrepancy

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS8.6AI score0.00864EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/21 12:0 a.m.5 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1AI score0.00864EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/04/21 12:0 a.m.39 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.3AI score0.00864EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/04/30 7:0 a.m.2 views

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

...

7.5CVSS7.3AI score0.03965EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/02/18 8:0 a.m.5 views

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

...

9.1CVSS8.6AI score0.03015EPSS
Exploits0
Rows per page
Query Builder