PT-2026-38310 · Pypi · Pyquorum
Published
2026-05-06
·
Updated
2026-05-13
·
CVE-2026-44368
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
PyQuorum versions prior to 0.2.1
Description
The
mul mod() function implements multiplication using a binary expansion loop. The execution time of this process depends on the Hamming weight (the number of symbols that are different from zero) of the second operand, which serves as the exponent. An attacker capable of measuring the time taken for secret-sharing operations, such as through a remote service, could progressively recover share values and eventually reconstruct the secret.Recommendations
Update to version 0.2.1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pyquorum