
CVE-2025-29780 – Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
https://notcve.org/view.php?id=CVE-2025-29780
14 Mar 2025 — Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_find_secure_pivot` function and potentially other parts of `_secure_matrix_solve`. These vulnerabilities are due to Python's execution model, which does not guarantee constant-time execution. An attacker with the abi...
Reference: https://en.wikipedia.org/wiki/Side-channel_attack
Weaknesses: CWE-203: Observable Discrepancy; CWE-208: Observable Timing Discrepancy; CWE-385: Covert Timing Channel

CVE-2025-29779 – Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
https://notcve.org/view.php?id=CVE-2025-29779
14 Mar 2025 — Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `secure_redundant_execution` function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist. Python's execution environment cannot guarantee true isolation between redundant executions, the constant-time comparison implem...
Reference: https://en.wikipedia.org/wiki/Fault_attack
Weaknesses: CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation; CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready