github.com/binance-chain/tss-lib

Go5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/binance-chain/tss-libpage 1 of 1

CVE-2020-12118HIGHCVSS 8.2EG 8.2✓ Fixed in 1.2.0
2020-04-23
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.
CVE-2022-47930MEDIUMCVSS 6.8EG 6.8
2023-04-21
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of …
CVE-2022-47931CRITICALCVSS 9.1EG 9.1
2022-12-23
IO FinNet tss-lib before 2.0.0 allows a collision of hash values.
CVE-2023-26556CRITICALCVSS 9.1EG 9.1
2023-04-21
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One…
CVE-2023-26557HIGHCVSS 7.5EG 7.5
2023-04-21
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is …

Check whether github.com/binance-chain/tss-lib is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/binance-chain/tss-lib CVEs against the assets you own.

Start Free Scan →