Moderate severityNVD Advisory· Published Apr 21, 2023· Updated Feb 5, 2025
CVE-2022-47930
CVE-2022-47930
Description
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/bnb-chain/tss-libGo | < 2.0.0 | 2.0.0 |
github.com/binance-chain/tss-libGo | < 2.0.0 | 2.0.0 |
Affected products
6- IO FinNet/tss-libdescription
- ghsa-coords5 versionspkg:golang/github.com/binance-chain/tss-libpkg:golang/github.com/bnb-chain/tss-libpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 2.0.0+ 4 more
- (no CPE)range: < 2.0.0
- (no CPE)range: < 2.0.0
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
- (no CPE)range: < 0.0.20250207T224745-1.1
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-c58h-qv6g-fw74ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-47930ghsaADVISORY
- github.com/IoFinnet/tss-lib/releases/tag/v2.0.0ghsaWEB
- github.com/bnb-chain/tss-lib/commit/1a14f3ac9ecbf6115e80d44c7fff16bcc3139250ghsaWEB
- github.com/bnb-chain/tss-lib/pull/256ghsaWEB
- medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155bghsaWEB
- medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155bmitre
News mentions
0No linked articles in our index yet.