GO-2024-3288
- Source
- https://pkg.go.dev/vuln/GO-2024-3288
- Import Source
- https://vuln.go.dev/ID/GO-2024-3288.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-3288
- Aliases
- Published
- 2024-11-27T19:16:39Z
- Modified
- 2024-11-27T19:42:18.795326Z
- Summary
- Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig
- Details
-
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig
- Database specific
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-3288" }- References
-
- https://github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253
- https://eprint.iacr.org/2018/499.pdf
- https://github.com/taurushq-io/multi-party-sig/blob/4d84aafb57b437da1b933db9a265fb7ce4e7c138/internal/ot/extended.go#L188
- https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114
- https://github.com/taurushq-io/multi-party-sig/tree/otfix
Affected packages
Go / github.com/taurusgroup/multi-party-sig
Package
- Name
- github.com/taurusgroup/multi-party-sig
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/taurusgroup/multi-party-sig