github.com/binance-chain/tss-lib
govv1.3.5Threshold Signature Scheme, for ECDSA and EDDSA
10 versions23 maintainers0 deps1,009 weekly dl
binance-chain/tss-lib25
/ 100
Health
do not use
github.com/binance-chain/tss-lib has critical vulnerabilities — do not use
Update to >= 1.3.6-0.20230324145555-bb6fb30bd3eb to fix known vulnerabilities
- Low health score (25/100)
- 1 high severity vulnerabilities
- 1 critical vulnerabilities
Health breakdown0 – 100
0/25
maintenance
6/20
popularity
8/25
security
6/15
maturity
5/15
community
Vulnerabilities
7
1 critical1 high1 medium4 low
Advisories (7)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| critical | CVE-2023-26556 | IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication | 2.0.0 |
| medium | CVE-2022-47930 | IO FinNet tss-lib vulnerable to replay attacks involving proofs | 2.0.0 |
| high | CVE-2023-26557 | IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic | 1.3.6-0.20230324145555-bb6fb30bd3eb |
| unknown | CVE-2023-26556 | Timing attack from non-constant time scalar multiplication in github.com/bnb-chain/tss-lib | 1.3.6-0.20230324145555-bb6fb30bd3eb |
| unknown | CVE-2023-26557 | Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib | 1.3.6-0.20230324145555-bb6fb30bd3eb |
| unknown | CVE-2022-47930 | Replay attacks involving proofs in github.com/bnb-chain/tss-lib | — |
| unknown | CVE-2022-47931 | Collision of hash values in github.com/bnb-chain/tss-lib | 1.3.6-0.20230324145555-bb6fb30bd3eb |
Health History
Dependency Tree
License Audit
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/binance-chain/tss-libLast updated · 2022-09-23T02:44:11Z