CVE-2023-33242

CRITICAL

lindell17 - Private Key Extraction via Abort Handling in Lindell17 TSS Protocol

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33242. PoCs published by d0rb.

AI-analyzed exploit summary This PoC demonstrates a bit extraction exploit against the Lindell17 protocol, allowing an attacker to recover the private key by leveraging mishandled aborts during signature attempts. The code simulates the vulnerability by iteratively extracting bits of the secret share.

Description

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

Exploits (1)

nomisec WORKING POC 4 stars
by d0rb · poc
https://github.com/d0rb/CVE-2023-33242

This PoC demonstrates a bit extraction exploit against the Lindell17 protocol, allowing an attacker to recover the private key by leveraging mishandled aborts during signature attempts. The code simulates the vulnerability by iteratively extracting bits of the secret share.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: Lindell17 protocol (simulated implementation)
No auth needed
Prerequisites: Access to the Lindell17 protocol implementation · Ability to send multiple signature requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.6
EPSS 0.0109
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-74
Status published
Products (1)
lindell17_project/lindell17
Published Aug 09, 2023
Tracked Since Feb 18, 2026