3 matches found
CVE-2023-26556
CVE-2023-26556 affects io.finnet tss-lib prior to 2.0.0. The vulnerability arises from a timing side-channel leak in the scalar-multiplication code path used by ECDSA key generation, relying on Go’s crypto/elliptic implementation which is not constant time. Affected code path is identified in ecd...
PT-2023-20725 · Unknown · Thorchain/Tss +3
Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0 bnb-chain/tss-lib versions prior to 2.0.0 thorchain/tss versions prior to 2.0.0 Description: The issue is related to a timing side-channel attack that can leak a secret key. This occurs because the...
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...