143 matches found

Veracode
added 2023/09/05 8:28 a.m. · 10 views

Information Disclosure

github.com/bnb-chain/tss-lib is vulnerable to Information Disclosure. An attacker is able to steal the secret key shares of other participants in the signing protocol. This could happen if the attacker generates a Paillier modulus N containing small factors less than 2^100. The master key can the...

AI score 6.7
Exploits 0
OSV
added 2023/09/01 8:51 p.m. · 14 views

GHSA-H24C-6P6P-M3VX tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli

Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...

AI score 7
Exploits 0 · References 5
Slackware Linux
added 2023/08/02 5:08 p.m. · 42 views

[slackware-security] openssl

New openssl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1v-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix excessive time spent checking DH q...

CVSS 5.3 · AI score 7 · EPSS 0.01027
Exploits 0
OSV
added 2023/08/02 10:37 a.m. · 9 views

SUSE-SU-2023:3160-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2023-3446: Fixed DH_check excessive time with over sized modulus (bsc#1213487)...

CVSS 5.3 · AI score 5.8 · EPSS 0.01027
Exploits 0 · References 3
Tenable Nessus
added 2023/07/26 12:00 a.m. · 31 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2023:2962-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2962-1 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:...

CVSS 5.3 · AI score 6.4 · EPSS 0.01027
Exploits 0 · References 4
OSV
added 2023/07/19 12:15 p.m. · 1 view

ALPINE-CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

CVSS 5.3 · AI score 7 · EPSS 0.01027
Exploits 0 · References 1
OSV
added 2023/07/19 12:15 p.m. · 2 views

AZL-47646 CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

CVSS 5.3 · AI score 6.5 · EPSS 0.01027
Exploits 0 · References 1
UbuntuCve
added 2023/07/19 12:00 a.m. · 63 views

CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

CVSS 5.3 · AI score 6.6 · EPSS 0.01027
Exploits 0 · References 8
Positive Technologies
added 2023/07/13 12:00 a.m. · 3 views

PT-2023-4551

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 41.0.3 Description The issue is related to the functions DH check, DH check ex, and EVP PKEY param check in the OpenSSL library. These functions can cause long delays when checking excessively long DH keys or...

CVSS 10 · AI score 8.2 · EPSS 0.91789
Exploits 11 · References 451
OSV
added 2023/05/22 12:30 a.m. · 1 view

GHSA-XP5G-JHG3-3RG2 Double spend in snarkjs

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

CVSS 7.5 · AI score 5.9 · EPSS 0.0013
Exploits 0 · References 4
ATTACKERKB
added 2023/05/21 10:15 p.m. · 9 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

CVSS 7.5 · AI score 7.1 · EPSS 0.0013
Exploits 0 · References 3
OSV
added 2023/05/21 10:15 p.m. · 19 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 2
NVD
added 2023/05/21 10:15 p.m. · 16 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

CVSS 7.5 · AI score 7.5 · EPSS 0.0013
Exploits 0 · References 2
Prion
added 2023/05/21 10:15 p.m. · 22 views

Design/Logic Flaw

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

CVSS 5 · AI score 7.5 · EPSS 0.0013
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/05/21 12:00 a.m. · 4 views

PT-2023-24246 · Unknown · Iden3 Snarkjs

Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...

CVSS 7.5 · AI score 6.9 · EPSS 0.0013
Exploits 0 · References 7
CNNVD
added 2023/05/21 12:00 a.m. · 2 views

iden3 snarkjs security vulnerability

snarkjs is an open source JavaScript library from iden3 open source for building zero-knowledge proofs. A security vulnerability exists in iden3 snarkjs version 0.6.11 and earlier, which stems from not verifying that the length of publicSignals is less than the field modulus...

CVSS 7.5 · AI score 7.2 · EPSS 0.0013
Exploits 0 · References 3
Vulnrichment
added 2023/05/21 12:00 a.m. · 6 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

AI score 6.8 · EPSS 0.0013
Exploits 0 · References 2
CVE
added 2023/05/21 12:00 a.m. · 75 views

CVE-2023-33252

CVE-2023-33252 concerns the iden3 snarkjs library (up to v0.6.11). The root cause is a missing validation of the length of publicSignals against the field modulus, enabling potential double-spending. The CVE is supported by multiple connected reports (Red Hat, OSV, GHSA, NVD, Veracode) documenti...

CVSS 7.5 · AI score 7.5 · EPSS 0.0013
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/05/21 12:00 a.m. · 20 views

CVE-2023-33252

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...

AI score 7.8 · EPSS 0.0013
Exploits 0 · References 2
Prion
added 2023/03/22 9:15 p.m. · 15 views

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses the num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 5 · AI score 7.3 · EPSS 0.00772
Exploits 0 · References 4 · Affected Software 1