VYPR
Medium severity6.8NVD Advisory· Published Apr 21, 2023· Updated Jun 17, 2026

CVE-2022-47930

CVE-2022-47930

Description

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/bnb-chain/tss-libGo
< 2.0.02.0.0
github.com/binance-chain/tss-libGo
< 2.0.02.0.0

Affected products

6

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.