← Voltar para CVEs
CVE-2023-33241
CRITICAL9.6
Descricao
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.
Detalhes CVE
Pontuacao CVSS v3.19.6
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado8/9/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
gg18_project:gg18gg20_project:gg20
Fraquezas (CWE)
CWE-74
Referencias
https://eprint.iacr.org/2019/114.pdf(disclosures@halborn.com)
https://eprint.iacr.org/2020/540.pdf(disclosures@halborn.com)
https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23(disclosures@halborn.com)
https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc(disclosures@halborn.com)
https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/(disclosures@halborn.com)
https://eprint.iacr.org/2019/114.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2020/540.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc(af854a3a-2127-422b-91ae-364da2661108)
https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.