postquantum-feldman-vss 0.7.5b0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the postquantum-feldman-vss package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when performing arbitrary-precision calculations based on the GNU Multiple Precision Arithmetic Library (GMP), in functions such as `exp()`, `secure_exp()`, `efficient_multi_exp()`, `_secure_matrix_solve()`, and `_evaluate_polynomial()`, which can be made to allocate excessive memory and exhaust all memory available, causing a crash. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `PostQuantum-Feldman-VSS` to version 0.8.0b2 or higher.	[,0.8.0b2)
M Covert Timing Channel PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python Affected versions of this package are vulnerable to Covert Timing Channel through the `_find_secure_pivot` and `_secure_matrix_solve` functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs. How to fix Covert Timing Channel? There is no fixed version for `PostQuantum-Feldman-VSS`.	[0,)
M Use of a Cryptographic Primitive with a Risky Implementation PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to inadequate countermeasures in `secure_redundant_execution`. An attacker can bypass redundancy check mechanisms, extract secret polynomial coefficients during share generation or verification, force the acceptance of invalid shares during verification, and manipulate the commitment verification process to accept fraudulent commitments by exploiting the weaknesses in fault injection countermeasures. This is only exploitable if the attacker has physical access to the hardware. How to fix Use of a Cryptographic Primitive with a Risky Implementation? Upgrade `PostQuantum-Feldman-VSS` to version 0.8.0b3 or higher.	[,0.8.0b3)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when performing arbitrary-precision calculations based on the GNU Multiple Precision Arithmetic Library (GMP), in functions such as exp(), secure_exp(), efficient_multi_exp(), _secure_matrix_solve(), and _evaluate_polynomial(), which can be made to allocate excessive memory and exhaust all memory available, causing a crash.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade PostQuantum-Feldman-VSS to version 0.8.0b2 or higher.

[,0.8.0b2)

Covert Timing Channel

PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

Affected versions of this package are vulnerable to Covert Timing Channel through the _find_secure_pivot and _secure_matrix_solve functions. An attacker can extract secret information used in the Verifiable Secret Sharing (VSS) scheme by measuring the execution time of these functions with carefully crafted inputs.

How to fix Covert Timing Channel?

There is no fixed version for PostQuantum-Feldman-VSS.

[0,)

Use of a Cryptographic Primitive with a Risky Implementation

PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to inadequate countermeasures in secure_redundant_execution. An attacker can bypass redundancy check mechanisms, extract secret polynomial coefficients during share generation or verification, force the acceptance of invalid shares during verification, and manipulate the commitment verification process to accept fraudulent commitments by exploiting the weaknesses in fault injection countermeasures. This is only exploitable if the attacker has physical access to the hardware.

How to fix Use of a Cryptographic Primitive with a Risky Implementation?

Upgrade PostQuantum-Feldman-VSS to version 0.8.0b3 or higher.

[,0.8.0b3)

postquantum-feldman-vss@0.7.5b0 vulnerabilities

Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?