GHSA-7r92-3jgr-r65q MEDIUM pip/pyquorum

CVE: CVE-2026-44368

Impact

The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.

Patches

https://github.com/svvqt/pyquorum/releases/tag/v0.2.1

📌 来源: GitHub-Advisory | 🆔 CVE-2026-44368 | 📅 2026-05-06