CVE-2025-29780
Gravedad CVSS v4.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
14/03/2025
Última modificación:
14/03/2025
Descripción
*** Pendiente de traducción *** Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_find_secure_pivot` function and potentially other parts of `_secure_matrix_solve`. These vulnerabilities are due to Python's execution model, which does not guarantee constant-time execution. An attacker with the ability to measure the execution time of these functions (e.g., through repeated calls with carefully crafted inputs) could potentially recover secret information used in the Verifiable Secret Sharing (VSS) scheme. The `_find_secure_pivot` function, used during Gaussian elimination in `_secure_matrix_solve`, attempts to find a non-zero pivot element. However, the conditional statement `if matrix[row][col] != 0 and row_random
Impacto
Puntuación base 4.0
5.80
Gravedad 4.0
MEDIA