CVE-2022-47931

IO FinNet tss-lib before 2.0.0 allows a collision of hash values.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name	Vendor	Start Version	End Version
Tss-lib	Iofinnet	*	2.0.0 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/112.html
https://cwe.mitre.org/data/definitions/192.html
https://cwe.mitre.org/data/definitions/20.html

References

https://github.com/IoFinnet/tss-lib/commit/369ec50be1437588a9733443bcb2f15b794601d4
https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
https://medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
https://github.com/IoFinnet/tss-lib/commit/369ec50be1437588a9733443bcb2f15b794601d4
https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
https://medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-47931
CWE	https://cwe.mitre.org/data/definitions/326.html

Inadequate Encryption Strength

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References