CVE-2023-26556

CVSS V2: None
CVSS V3: None
Description
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
Overview
  • CVE ID: CVE-2023-26556
  • Assigner: cve@mitre.org
  • Vulnerability Status: Awaiting Analysis
  • Published Version: 2023-04-21T18:15:07
  • Last Modified Date: 2023-04-24T13:02:19
History
Created | Old Value | New Value | Data Type | Notes
2023-04-21 19:01:11 | | | | Added to TrackCVE
2023-04-24 14:03:53 | | 2023-04-24T13:02:19 | CVE Modified Date | updated
2023-04-24 14:03:53 | Received | Awaiting Analysis | Vulnerability Status | updated