{"vulnerability": "CVE-2023-26556", "sightings": [{"uuid": "baf90cde-2db4-4c50-8535-d361ae613d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26556", "type": "seen", "source": "https://t.me/cibsecurity/62631", "content": "\u203c CVE-2023-26556 \u203c\n\nio.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T22:31:49.000000Z"}]}