Skip to main content

Tss Lib

4 CVEs product

Monthly

CVE-2023-26557 Go HIGH PATCH This Week

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26556 Go CRITICAL PATCH Act Now

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-47931 Go CRITICAL PATCH Act Now

IO FinNet tss-lib before 2.0.0 allows a collision of hash values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-12118 Go HIGH PATCH This Week

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Tss Lib
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IO FinNet tss-lib before 2.0.0 allows a collision of hash values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tss Lib
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Tss Lib
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy