19 matches found
EUVD-2023-1437
Malicious code in bioql PyPI...
CVE-2022-47931
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
SUSE CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
GG18 TSS and GG20 TSS Injection Vulnerabilities
tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in the GG18, GG20 TSS that stems from...
Design/Logic Flaw
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Code injection
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
tss-lib Security Vulnerability
tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
PT-2023-20726 · Unknown · Thorchain/Tss +2
Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0; bnb-chain/tss-lib versions prior to 2.0.0; thorchain/tss versions prior to 2.0.0. Description: The issue is related to a timing side-channel attack that can leak the lambda value of a private key. This...
CVE-2022-47930
CVE-2022-47930 affects IO FinNet tss-lib prior to 2.0.0. The root cause is that the parameter ssid used to define a session id is not applied through the MPC implementation, and the Schnorr proof of knowledge in sch.go does not utilize a session id, context, or random nonce when generating the ch...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
GHSA-CVCX-G7WH-X8RF Collision of hash values in github.com/bnb-chain/tss-lib
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
CVE-2022-47931
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
CVE-2022-47931
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
Design/Logic Flaw
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
IO FinNet tss-lib Cryptographic Issue Vulnerability
tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...
CVE-2022-47931
CVE-2022-47931 affects IO FinNet tss-lib prior to 2.0.0, describing a collision of hash values in the library used for threshold ECDSA/EdDSA in multi-party signing. The connected documents identify the affected version range (before 2.0.0) and point to the v2.0.0 release as remediation, along wit...
CVE-2022-47931
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...