Lucene search

[email protected]NVD:CVE-2023-24025

HistoryJan 20, 2023 - 9:15 p.m.

CVE-2023-24025

2023-01-2021:15:11

CWE-347

[email protected]

web.nvd.nist.gov

post-quantum cryptography

crystals-dilithium

vulnerability

digital signature

template attack

data leakage

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.6%

JSON

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.

Affected configurations

Nvd

Node

pqclean_projectpqcleanMatch-

VendorProductVersionCPE
pqclean_projectpqclean-cpe:2.3:a:pqclean_project:pqclean:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pqclean_project	pqclean	-	cpe:2.3:a:pqclean_project:pqclean:-:::::::*

References

csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

eprint.iacr.org/2023/050

github.com/PQClean/PQClean/tree/d03da3053491e767ef842deaef43fc5bdb6bc911

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.6%

JSON

Related for NVD:CVE-2023-24025

cve1 prion1 cvelist1