github.com/bnb-chain/tss-lib

Go4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/bnb-chain/tss-libpage 1 of 1

CVE-2022-47930MEDIUMCVSS 6.8EG 6.8
2023-04-21
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of …
CVE-2022-47931CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.3.6-0.20230324145555-bb6fb30bd3eb
2022-12-23
IO FinNet tss-lib before 2.0.0 allows a collision of hash values.
CVE-2023-26556CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.3.6-0.20230324145555-bb6fb30bd3eb
2023-04-21
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One…
CVE-2023-26557HIGHCVSS 7.5EG 7.5✓ Fixed in 1.3.6-0.20230324145555-bb6fb30bd3eb
2023-04-21
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is …

Check whether github.com/bnb-chain/tss-lib is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/bnb-chain/tss-lib CVEs against the assets you own.

Start Free Scan →