iofinnet tss-lib vulnerabilities and exploits
CVE-2023-26556
io.finnet tss-lib prior to 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (b...
Iofinnet Tss-lib
CVE-2023-26557
io.finnet tss-lib prior to 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-ch...
Iofinnet Tss-lib
CVE-2022-47930
An issue exists in IO FinNet tss-lib prior to 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utiliz...
Iofinnet Tss-lib
CVE-2022-47931
IO FinNet tss-lib prior to 2.0.0 allows a collision of hash values.
Iofinnet Tss-lib