10 matches found

Packet Storm News
added 2026/04/07 12:0 a.m. · 0 views

Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication

Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature fami...

AI score 5.9
Exploits: 0
OSV
added 2025/01/02 8:1 a.m. · 4 views

SUSE-SU-2025:0005-1 Security update for liboqs, oqs-provider

This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms. This updates liboqs to 0.12.0: - This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST...

CVSS 8.2 · AI score 7.4 · EPSS 0.00453
Exploits: 0 · References: 7
RedhatCVE
added 2024/08/30 12:40 p.m. · 16 views

CVE-2024-37305

A flaw was found in oqs-provider, which is an OpenSSL 3 provider that contains post-quantum algorithms. The issue arises from the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid traditional + post-quantum keys and signatures. As a result, malformed inp...

CVSS 8.2 · AI score 6.7 · EPSS 0.00135
Exploits: 0 · References: 3
OSV
added 2024/06/18 12:0 a.m. · 6 views

OPENSUSE-SU-2024:14054-1 oqs-provider-0.6.1-1.1 on GA media

These are all security issues fixed in the oqs-provider-0.6.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.2 · AI score 8.3 · EPSS 0.00135
Exploits: 0 · References: 1
NVD
added 2024/06/17 8:15 p.m. · 18 views

CVE-2024-37305

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

CVSS 8.2 · EPSS 0.00135
Exploits: 0 · References: 2
OSV
added 2024/06/17 7:42 p.m. · 2 views

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

CVSS 8.2 · AI score 6.7 · EPSS 0.00135
Exploits: 0 · References: 4
Cvelist
added 2024/06/17 7:42 p.m. · 15 views

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

CVSS 8.2 · EPSS 0.00135
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/17 7:42 p.m. · 18 views

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

CVSS 8.2 · AI score 6.9 · EPSS 0.00135
Exploits: 0 · References: 2
CVE
added 2024/06/17 7:42 p.m. · 51 views

CVE-2024-37305

CVE-2024-37305 affects the oqs-provider (OpenSSL 3 post-quantum provider) where lengths decoded with DECODE_UINT32 at the start of serialized hybrid keys/signatures are unchecked, enabling out-of-bounds memory reads/writes that can crash or leak information. The issue does not affect plain/non-hy...

CVSS 8.2 · AI score 8.1 · EPSS 0.00135
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/17 12:0 a.m. · 2 views

PT-2024-27463 · Unknown +1 · Oqs-Provider +1

Name of the Vulnerable Software and Affected Versions: oqs-provider versions prior to 0.6.1. Description: The issue arises from the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid keys and signatures. Unchecked length values are later used for memory...

CVSS 8.2 · AI score 6.6 · EPSS 0.00453
Exploits: 0 · References: 28