6 matches found
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
PT-2023-20726 · Unknown · Thorchain/Tss +2
Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0; bnb-chain/tss-lib versions prior to 2.0.0; thorchain/tss versions prior to 2.0.0. Description: The issue is related to a timing side-channel attack that can leak the lambda value of a private key. This...
PT-2023-20725 · Unknown · Thorchain/Tss +3
Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0; bnb-chain/tss-lib versions prior to 2.0.0; thorchain/tss versions prior to 2.0.0. Description: The issue is related to a timing side-channel attack that can leak a secret key. This occurs because the...
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...