CVE-2023-26557

CVSS V2 None CVSS V3 None
Description
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
Overview
  • CVE ID
  • CVE-2023-26557
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Awaiting Analysis
  • Published Version
  • 2023-04-21T18:15:07
  • Last Modified Date
  • 2023-04-24T13:02:19
History
Created Old Value New Value Data Type Notes
2023-04-21 19:01:11 Added to TrackCVE
2023-04-24 14:03:53 2023-04-24T13:02:19 CVE Modified Date updated
2023-04-24 14:03:53 Received Awaiting Analysis Vulnerability Status updated