Vulmon
iofinnet tss-lib vulnerabilities and exploits
9.1
CVSSv3
CVE-2023-26556
io.finnet tss-lib prior to 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (b...
Iofinnet Tss-lib
9.1
CVSSv3
CVE-2022-47931
IO FinNet tss-lib prior to 2.0.0 allows a collision of hash values.
Iofinnet Tss-lib
7.5
CVSSv3
CVE-2023-26557
io.finnet tss-lib prior to 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-ch...
Iofinnet Tss-lib
6.8
CVSSv3
CVE-2022-47930
An issue exists in IO FinNet tss-lib prior to 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utiliz...
Iofinnet Tss-lib