10 matches found
EUVD-2024-36062
Malicious code in bioql PyPI...
CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because polyfrommsg in poly.c does not prevent Clang from...
CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
CVE-2024-36405
CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...
CVE-2024-36405
Removed by vendor...
CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because polyfrommsg in poly.c does not prevent Clang from...
PT-2024-4342 · Liboqs +1 · Liboqs +1
Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.10.1 Description: A control-flow timing issue has been identified in the reference implementation of the Kyber key encapsulation mechanism in liboqs, a C-language cryptographic library that provides implementations ...
CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because polyfrommsg in poly.c does not prevent Clang from...
CVE-2024-37880
The CVE affects the Kyber reference implementation prior to 9b8d306. The vulnerability is a timing side channel where poly_frommsg in poly.c can yield a vulnerable secret-dependent branch when compiled with LLVM Clang (through 18.x) with common optimizations, enabling attackers to recover an ML-K...