Lucene search
Veracode Vulnerability DatabaseVERACODE:38579HistoryDec 23, 2022 - 8:09 a.m.
Hash Collision
2022-12-2308:09:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
hash collision
remote attack
vulnerable software
0.001 Low
EPSS
Percentile
51.0%
github.com/iofinnet/tss-lib is vulnerable to hash collision attacks. A remote attacker is able to cause hash table collisions through the vulnerable SHA512_256 function of common/hash.go file, resulting in attacker gaining unintended privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/iofinnet/tss-lib | eq | HEAD | |
| github.com/iofinnet/tss-lib | eq | HEAD |
References
github.com/advisories/GHSA-cvcx-g7wh-x8rf
github.com/IoFinnet/tss-lib/commit/369ec50be1437588a9733443bcb2f15b794601d4
github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
Related
osv
osv
Collision of hash values in github.com/bnb-chain/tss-lib
2023-07-11 18:44:23
Collision of hash values in github.com/bnb-chain/tss-lib
2022-12-23 00:30:23
cve
cve
CVE-2022-47931
2022-12-23 00:15:14
gitlab
gitlab
Use of a Broken or Risky Cryptographic Algorithm
2022-12-23 00:00:00
prion
prion
Design/Logic Flaw
2022-12-23 00:15:00
nvd
nvd
CVE-2022-47931
2022-12-23 00:15:14
cvelist
cvelist
CVE-2022-47931
2022-12-22 00:00:00
github
github
Collision of hash values in github.com/bnb-chain/tss-lib
2022-12-23 00:30:23