CVE-2023-33242

CVSS V2: None
CVSS V3: None
Description
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total), because they do not adhere to the assumption in the paper's security proof regarding the handling of aborts after a failed signature.
Overview
  • CVE ID: CVE-2023-33242
  • Assigner: disclosures@halborn.com
  • Vulnerability Status: Analyzed
  • Published Version: 2023-08-09T22:15:11
  • Last Modified Date: 2023-08-25T15:06:14
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:lindell17_project:lindell17:-:*:*:*:*:*:*:* | 1 | OR | |
History
Created Old Value New Value Data Type Notes
2023-09-06 03:25:11 Added to TrackCVE
2023-09-06 03:25:13 Weakness Enumeration new