postquantum-feldman-vss@0.8.0b3 vulnerabilities

Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

latest version

0.8.0b3

first published

8 days ago

latest version published

2 days ago

View postquantum-feldman-vss package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the postquantum-feldman-vss package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Covert Timing Channel PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python Affected versions of this package are vulnerable to Covert Timing Channel through the `_find_secure_pivot` and `_secure_matrix_solve` functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs. How to fix Covert Timing Channel? There is no fixed version for `PostQuantum-Feldman-VSS`.	[0,)

Covert Timing Channel

PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

Affected versions of this package are vulnerable to Covert Timing Channel through the _find_secure_pivot and _secure_matrix_solve functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs.

How to fix Covert Timing Channel?

There is no fixed version for PostQuantum-Feldman-VSS.

[0,)

Go back to all versions of this package