mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
32 lines
1.1 KiB
JSON
32 lines
1.1 KiB
JSON
{
|
|
"id": "CVE-2023-26556",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-04-21T18:15:07.927",
|
|
"lastModified": "2023-04-24T13:02:19.050",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)"
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |