logo

Database

Lack of data validation - Path Traversal In pyquorum

Description

pyquorum: Timing side‑channel in mul_mod

Impact

The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.

Patches

https://github.com/svvqt/pyquorum/releases/tag/v0.2.1

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-443682. NVD-2026-443683. OSV-2026-443684. GHSA-7r92-3jgr-r65q5. GCVE-2026-44368

References

1. https://github.com/svvqt/pyquorum/security/advisories/GHSA-7r92-3jgr-r65q2. https://github.com/svvqt/pyquorum/commit/1e9ac41dd3c305c13d7a6b7d227bf325be82d7303. https://github.com/svvqt/pyquorum/releases/tag/v0.2.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.