7 matches found
EUVD-2023-37411
Malicious code in bioql PyPI...
CVE-2023-33242
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...
CVE-2023-33241
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
Design/Logic Flaw
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
CVE-2023-33242
CVE-2023-33242 affects crypto wallets implementing Lindell17 TSS. The vulnerability arises from mishandling aborts after a failed signature, allowing an attacker to exfiltrate the full ECDSA private key by extracting one bit per signature attempt (256 total). Connected materials include a PoC/exp...
CVE-2023-33241
CVE-2023-33241 affects wallets using GG18/GG20 TSS (MPC) protocols. A malicious Paillier key injected during the protocol and cheating in the range proof may allow an attacker to exfiltrate a full ECDSA private key (or other parties’ key shares), with the required effort potentially depending on B...
CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...