CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

tss-lib 安全漏洞

tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 2020 1 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in tss-lib versions prior to 2.0.0, whic...

tss-lib 安全漏洞

tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 2020 1 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in IO FinNet tss-lib versions prior to...

PT-2023-20726 · Unknown · Thorchain/Tss +2

Name of the Vulnerable Software and Affected Versions: io.finnet tss-lib versions prior to 2.0.0 bnb-chain/tss-lib versions prior to 2.0.0 thorchain/tss versions prior to 2.0.0 Description: The issue is related to a timing side-channel attack that can leak the lambda value of a private key. This...

PT-2023-15533 · Tss-Lib +1 · Tss-Lib +1

Name of the Vulnerable Software and Affected Versions: tss-lib versions prior to 2.0.0 Description: An issue was discovered in the tss-lib library, where the parameter ssid for defining a session id is not used through the MPC implementation. This makes replaying and spoofing of messages easier, ...

Buffer Overlow in TSS2_RC_Decode in tpm2-tss

...

IO FinNet tss-lib 加密问题漏洞

tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 20201 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in IO FinNet tss-lib versions prior to...

PT-2022-28091 · Tss-Lib · Tss-Lib

Name of the Vulnerable Software and Affected Versions: tss-lib versions prior to 2.0.0 Description: The issue concerns a collision of hash values. This collision can potentially lead to security issues, although specific details about exploitation or affected devices are not provided...

PT-2020-13046 · Binance · Tss-Lib

Name of the Vulnerable Software and Affected Versions: Binance tss-lib versions prior to 1.2.0 Description: The keygen protocol implementation in Binance tss-lib allows attackers to generate crafted h1 and h2 parameters, which can compromise a signing round or obtain sensitive information from...