The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:binance:tss-lib:*:*:*:*:*:*:*:*"
],
"vendor_product": "binance:tss-lib",
"extracted_events": [
{
"fixed": "1.2.0"
}
],
"source": "CPE_RANGE"
}
]
}