CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2023-26556
CVE-2023-26556 affects io.finnet tss-lib prior to 2.0.0. The vulnerability arises from a timing side-channel leak in the scalar-multiplication code path used by ECDSA key generation, relying on Go’s crypto/elliptic implementation which is not constant time. Affected code path is identified in ecd...
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
PT-2023-20725 · Unknown · Thorchain/Tss +3
Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0; bnb-chain/tss-lib versions prior to 2.0.0; thorchain/tss versions prior to 2.0.0. Description: The issue is related to a timing side-channel attack that can leak a secret key. This occurs because the...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 is vulnerable to a timing side-channel that can leak the lambda value of a private key because it uses Go big.Int in non-constant-time operations (Cmp, modular exponentiation, modular inverse). The issue affects tss-lib versions prior to 2.0.0 and is noted for bnb-c...