{"id":"GO-2023-1733","summary":"Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib","details":"Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib.","aliases":["CVE-2023-26557","GHSA-mjqv-xhgm-gx8c"],"modified":"2025-02-05T20:42:12.163107Z","published":"2023-07-11T18:44:28Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-1733"},"references":[{"type":"ADVISORY","url":"https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b"}],"affected":[{"package":{"name":"github.com/bnb-chain/tss-lib","ecosystem":"Go","purl":"pkg:golang/github.com/bnb-chain/tss-lib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.6-0.20230324145555-bb6fb30bd3eb"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/bnb-chain/tss-lib/common"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1733.json"}},{"package":{"name":"github.com/binance-chain/tss-lib","ecosystem":"Go","purl":"pkg:golang/github.com/binance-chain/tss-lib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/binance-chain/tss-lib/common"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1733.json"}}],"schema_version":"1.7.3"}