golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/bnb-chain/tss-lib: GHSA-h24c-6p6p-m3vx #2035

Closed GoVulnBot closed 1 year ago

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-h24c-6p6p-m3vx, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/bnb-chain/tss-lib | | <= 1.3.5 |

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/bnb-chain/tss-lib
      versions:
        - {}
      vulnerable_at: 1.3.5
      packages:
        - package: github.com/bnb-chain/tss-lib
summary: tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
description: |-
    ### Impact

    The specification of the GG18 threshold ECDSA signature protocol contains a
    vulnerability allowing an attacker to recover the shared secret key. If a
    participant generates a Paillier modulus `N` containing small factors (less than
    `2^100`) they can interact with other participants in the signing protocol to
    steal their secret key shares in as little as sixteen signing attempts. The
    master key can then be reconstructed from these shares.

    ### Patches

    The implementation of GG18 in tss-lib did not prove that `N` is biprime or that
    it doesn't contain small factors. The fixed implementation adds the following
    proofs from the CGGMP21 threshold ECDSA protocol to the key generation:

    - Paillier-Blum Modulus (`N` is the product of two primes)
    - No Small Factor (both factors of `N` are greater than `2^256`)

    These proofs apply to both the Paillier encryption modulus `N`, and the modulus
    `NTilde` used in MTA proofs.

    To address the issue in the resharing protocol, an additional round has been
    added to the end so that participants can confirm that they received valid
    proofs.

    ### References

    - [GG18](https://eprint.iacr.org/2019/114)
    - [CGGMP21](https://eprint.iacr.org/2021/060)
ghsas:
    - GHSA-h24c-6p6p-m3vx
references:
    - advisory: https://github.com/threshold-network/tss-lib/security/advisories/GHSA-h24c-6p6p-m3vx
    - fix: https://github.com/threshold-network/tss-lib/commit/2e712689cfbeefede15f95a0ec7112227d86f702
    - web: https://eprint.iacr.org/2019/114
    - web: https://eprint.iacr.org/2021/060
    - advisory: https://github.com/advisories/GHSA-h24c-6p6p-m3vx
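The advisory above turns on the fact that GG18 participants accepted a Paillier modulus `N` without any proof that it is biprime and has no small factors. As an added example (not code from tss-lib or from this issue; `CheckPaillierModulus`, `primorial` and the demo values are constructed here), this Go snippet shows the cheap local sanity checks a verifier can run on a received modulus, and why they are not enough: trial division can only reject factors below a small bound, while the Paillier-Blum and No-Small-Factor proofs from CGGMP21 let the verifier rule out factors below `2^256` without being able to factor `N`.

```go
package main

import (
	"fmt"
	"math/big"
)

// primorial: product of all primes below bound; one gcd with it exposes any prime factor of n in that range.
func primorial(bound int) *big.Int {
	composite := make([]bool, bound)
	prod := big.NewInt(1)
	for p := 2; p < bound; p++ {
		if composite[p] {
			continue
		}
		prod.Mul(prod, big.NewInt(int64(p)))
		for m := p * p; m < bound; m += p {
			composite[m] = true
		}
	}
	return prod
}

// CheckPaillierModulus (hypothetical name) runs cheap local sanity checks on a received Paillier
// modulus. It cannot prove n is biprime or free of factors below 2^100; only the CGGMP21 proofs can.
func CheckPaillierModulus(n *big.Int, wantBits, primeBound int) error {
	if n.BitLen() != wantBits {
		return fmt.Errorf("modulus is %d bits, want %d", n.BitLen(), wantBits)
	}
	// A Paillier-Blum modulus has p ≡ q ≡ 3 (mod 4), hence n ≡ 1 (mod 4); this also rejects even n.
	if new(big.Int).Mod(n, big.NewInt(4)).Int64() != 1 {
		return fmt.Errorf("modulus is not 1 mod 4, so not a Paillier-Blum modulus")
	}
	if n.ProbablyPrime(32) {
		return fmt.Errorf("modulus is prime, not a product of two primes")
	}
	if r := new(big.Int).Sqrt(n); new(big.Int).Mul(r, r).Cmp(n) == 0 {
		return fmt.Errorf("modulus is a perfect square")
	}
	if g := new(big.Int).GCD(nil, nil, n, primorial(primeBound)); g.Cmp(big.NewInt(1)) != 0 {
		return fmt.Errorf("modulus has small factor %s", g)
	}
	return nil
}

func main() {
	n := big.NewInt(1019 * 1031) // constructed: both primes are 3 mod 4
	fmt.Println(CheckPaillierModulus(n, n.BitLen(), 1000))
	fmt.Println(CheckPaillierModulus(big.NewInt(21*1019*1031), 25, 1000))
}
```

A real deployment would size `wantBits` to the protocol's Paillier key length (2048 bits or more) and still require the zero-knowledge proofs, since a dishonest participant can pick factors far above any trial-division bound yet still below `2^100`.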
timothy-king commented 1 year ago

Report and fix are for github.com/threshold-network/tss-lib. This is a fork of github.com/bnb-chain/tss-lib. The go.mod path in the threshold-network is not updated from github.com/bnb-chain/tss-lib. So this fix and vulnerability are not directly importable. Updating to excluded status.

gopherbot commented 1 year ago

Change https://go.dev/cl/528596 mentions this issue: data/excluded: batch add 10 excluded reports

gopherbot commented 4 months ago

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports