admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 18:51:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-265xx/CVE-2023-26556.json

32 lines
1.1 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2023-26556",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-21T18:15:07.927",
Auto-Update: 2023-04-24T14:55:51.857146+00:00
2023-04-24 16:55:55 +02:00
"lastModified": "2023-04-24T13:02:19.050",
"vulnStatus": "Awaiting Analysis",
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue Copy Permalink