CVE-2023-33241 Vulnerability Details


CVE-2023-33241 Metadata Quick Info

CVE Published: 09/08/2023 | CVE Updated: 10/10/2024 | CVE Year: 2023
Source: Halborn | Vendor: GG TSS Implementations | Product: Wallet
Status: PUBLISHED

CVE-2023-33241 Description

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more to fully exfiltrate the other parties' private key shares.

Metrics

CVSS Version: 3.1 | Base Score: 9.6 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

➤ Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): CHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Private Key Exfiltration
Source: GG TSS Implementations

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-474
CAPEC Description: CAPEC-474 Signature Spoofing by Key Theft


Source: NVD (National Vulnerability Database).