postquantum-feldman-vss@0.8.0b3 vulnerabilities

licenses detected

MIT
[0,)

View postquantum-feldman-vss package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the postquantum-feldman-vss package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Covert Timing Channel PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python Affected versions of this package are vulnerable to Covert Timing Channel through the `_find_secure_pivot` and `_secure_matrix_solve` functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs. How to fix Covert Timing Channel? There is no fixed version for `PostQuantum-Feldman-VSS`.	[0,)

Covert Timing Channel

PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

Affected versions of this package are vulnerable to Covert Timing Channel through the _find_secure_pivot and _secure_matrix_solve functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs.

How to fix Covert Timing Channel?

There is no fixed version for PostQuantum-Feldman-VSS.

[0,)

Go back to all versions of this package