CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options

🗓️ 10 Jun 2024 12:17:47Reported by GitHub_MType

Control-flow timing leak in Kyber reference implementation with Clang 15-18 for -Os, -O1

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2024-36405	10 Jun 202413:15	–	osv
OSV	OPENSUSE-SU-2024:14039-1 liboqs-devel-0.10.1-1.1 on GA media	15 Jun 202400:00	–	osv
CVE	CVE-2024-36405	10 Jun 202413:15	–	cve
NVD	CVE-2024-36405	10 Jun 202413:15	–	nvd
Vulnrichment	CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options	10 Jun 202412:47	–	vulnrichment
Debian CVE	CVE-2024-36405	10 Jun 202413:15	–	debiancve
OpenVAS	openSUSE Security Advisory (SUSE-SU-2025:0005-1)	7 Jan 202500:00	–	openvas
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : liboqs, oqs-provider (SUSE-SU-2025:0005-1)	4 Jan 202500:00	–	nessus

[
  {
    "vendor": "open-quantum-safe",
    "product": "liboqs",
    "versions": [
      {
        "version": "< 0.10.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
github	www.github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c
github	www.github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
github	www.github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo