CVE-2023-33242

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 9, 2023

Updated: Aug 25, 2023

CWE ID 74

Summary

CVE-2023-33242 is a vulnerability affecting crypto wallets using the Lindell17 Threshold Signature Scheme (TSS) protocol. These wallets may allow unauthorized access to the full ECDSA private key by permitting an attacker to extract a single bit in every signature attempt, amounting to 256 bits in total. The issue arises due to these wallets failing to comply with the security proof assumptions for handling aborts after unsuccessful signature verification. This vulnerability poses a significant risk to users' digital assets and highlights the importance of adhering to protocol security requirements.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sSCAC-
https://www.cve.org/CVERecord?id=CVE-2023-33242
https://nvd.nist.gov/vuln/detail/CVE-2023-33242

Back to Vulnerability Database

CVE-2023-33242

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations