Vulnerability Report: GO-2024-3288
- GHSA-7f6p-phw2-8253
- Affects: github.com/taurusgroup/multi-party-sig
- Published: Nov 27, 2024
- Unreviewed
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig
For detailed information about this vulnerability, visit https://github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
Aliases
References
- https://github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253
- https://eprint.iacr.org/2018/499.pdf
- https://github.com/taurushq-io/multi-party-sig/blob/4d84aafb57b437da1b933db9a265fb7ce4e7c138/internal/ot/extended.go#L188
- https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114
- https://github.com/taurushq-io/multi-party-sig/tree/otfix
- https://vuln.go.dev/ID/GO-2024-3288.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.