CVE-2023-26557

Description

Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib.

Affected packages (4)

• Go/github.com/binance-chain/tss-libfrom 0, < 1.3.6-0.20230324145555-bb6fb30bd3eb
• Go/github.com/binance-chain/tss-libfrom 0
• Go/github.com/bnb-chain/tss-libfrom 0, < 1.3.6-0.20230324145555-bb6fb30bd3eb
• Go/github.com/bnb-chain/tss-libfrom 0, < 1.3.6-0.20230324145555-bb6fb30bd3eb

CVSS scores

References (7)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-26557
• PATCHhttps://github.com/bnb-chain/tss-lib
• WEBhttps://github.com/bnb-chain/tss-lib/tree/v1.3.5
• WEBhttps://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
• WEBhttps://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3
• WEBhttps://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
• WEBhttps://pkg.go.dev/vuln/GO-2023-1733