Vulnerability Description
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total), because these implementations do not adhere to the assumption in the paper's security proof about how aborts are handled after a failed signature.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lindell17 Project | Lindell17 | - |
Related Weaknesses (CWE)
References
- https://eprint.iacr.org/2017/552.pdf (Exploit, Third Party Advisory)
- https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23 (Exploit)
- https://github.com/fireblocks-labs/zengo-lindell17-exploit-poc (Exploit)
- https://www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/ (Third Party Advisory)
FAQ
What is CVE-2023-33242?
CVE-2023-33242 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of n...
How severe is CVE-2023-33242?
CVE-2023-33242 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-33242?
Check the references section above for vendor advisories and patch information. Affected products include: Lindell17 Project Lindell17.