CVE-2023-33242

Lindell17 TSS Abort Mishandling

CVSS 9.6 CRITICALEPSS 1.1%

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected products

Lindell TSS Implementations · Wallet

public PoCs found — 1

githubgithub.com/d0rb/CVE-2023-33242★ 4

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://eprint.iacr.org/2017/552.pdf https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23 https://github.com/fireblocks-labs/zengo-lindell17-exploit-poc https://www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/