漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CGGMP24 is missing a check in the ZK proof used in CGGMP21
Vulnerability Description
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. This issue has been patched in version 0.6.3, for full mitigation it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2 as it contains more security checks.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
cggmp21 数据伪造问题漏洞
Vulnerability Description
cggmp21是Lockness开源的一个Rust库。 cggmp21 0.6.3之前版本存在数据伪造问题漏洞,该漏洞源于ZK证明中缺少检查,可能导致恶意签名者重建完整私钥。
CVSS Information
N/A
Vulnerability Type
N/A