What is the severity of CVE-2022-47930?

CVE-2022-47930 has been identified as a medium severity vulnerability due to its potential for message replay and spoofing.

How do I fix CVE-2022-47930?

To fix CVE-2022-47930, update the tss-lib library to version 2.0.0 or later.

What is the impact of CVE-2022-47930?

The impact of CVE-2022-47930 includes the ability to replay and spoof messages due to a missing session ID in the MPC implementation.

Which versions of tss-lib are affected by CVE-2022-47930?

Versions of tss-lib prior to 2.0.0 are affected by CVE-2022-47930.

Where can I find more information about CVE-2022-47930?

Additional information about CVE-2022-47930 can be found in security disclosure articles from the developers.

Vulnerability/
CVE-2022-47930

medium

6.8

CWE

294

21/4/2023

5/2/2025

CVE-2022-47930

First published: Fri Apr 21 2023(Updated: )

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
go/github.com/binance-chain/tss-lib	<2.0.0	2.0.0
go/github.com/bnb-chain/tss-lib	<2.0.0	2.0.0
Binance TSS-lib	<2.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-47930?
CVE-2022-47930 has been identified as a medium severity vulnerability due to its potential for message replay and spoofing.
How do I fix CVE-2022-47930?
To fix CVE-2022-47930, update the tss-lib library to version 2.0.0 or later.
What is the impact of CVE-2022-47930?
The impact of CVE-2022-47930 includes the ability to replay and spoof messages due to a missing session ID in the MPC implementation.
Which versions of tss-lib are affected by CVE-2022-47930?
Versions of tss-lib prior to 2.0.0 are affected by CVE-2022-47930.
Where can I find more information about CVE-2022-47930?
Additional information about CVE-2022-47930 can be found in security disclosure articles from the developers.

agent/type
agent/weakness
agent/author
agent/first-publish-date
agent/description
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-c58h-qv6g-fw74
alias/CVE-2022-47930
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/source
agent/event
collector/github-advisory
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
package-manager/go
vendor/iofinnet
canonical/binance tss-lib

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2022-47930?
CVE-2022-47930 has been identified as a medium severity vulnerability due to its potential for message replay and spoofing.
How do I fix CVE-2022-47930?
To fix CVE-2022-47930, update the tss-lib library to version 2.0.0 or later.
What is the impact of CVE-2022-47930?
The impact of CVE-2022-47930 includes the ability to replay and spoof messages due to a missing session ID in the MPC implementation.
Which versions of tss-lib are affected by CVE-2022-47930?
Versions of tss-lib prior to 2.0.0 are affected by CVE-2022-47930.
Where can I find more information about CVE-2022-47930?
Additional information about CVE-2022-47930 can be found in security disclosure articles from the developers.