CVE-2024-36405

CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...

GHSA-HVH4-5QR6-3V7R Observable Timing Discrepancy in pypqc

Impact kyber512, kyber768, and kyber1024 on Mac OS \or when compiled with clang\ only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a...