CVE-2023-26557

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-203
View all →

Vulnerability Description

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)

Related Vulnerabilities

CVE-2016-6489

HIGH
CVSS:7.5(High)

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CWE-2032016

CVE-2017-9735

HIGH
CVSS:7.5(High)

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect pa...

CWE-2032017

CVE-2018-9364

HIGH
CVSS:7.5(High)

In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

CWE-2032018

CVE-2019-10114

HIGH
CVSS:7.5(High)

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication pr...

CWE-2032019

CVE-2019-18850

HIGH
CVSS:7.5(High)

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and int...

CWE-2032019