Information Exposure Affecting github.com/taurusgroup/multi-party-sig/internal/ot package, versions >=0.0.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-GOLANG-GITHUBCOMTAURUSGROUPMULTIPARTYSIGINTERNALOT-8441259
- published27 Nov 2024
- disclosed25 Nov 2024
- creditYi-Hsiu Chen and Samuel Ranellucci
Introduced: 25 Nov 2024
New CVE NOT AVAILABLE CWE-200 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
There is no fixed version for github.com/taurusgroup/multi-party-sig/internal/ot.
Overview
Affected versions of this package are vulnerable to Information Exposure through the OT setup of the protocol, when it is reused for another execution of the OT extension.
Workaround
This vulnerability can be mitigated by not reusing an OT setup, to eliminate the secret recovery attack and by avoiding using the implementation of the DKLS protocol.