libcrux-sha3: Incorrect output from SHAKE squeeze functions

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

libcrux-digest (>=0.0.4 <=0.0.7-rc.1), libcrux-kem (>=0.0.2 <=0.0.2-beta.3) +7 more potentially affected by unknown CVE via libcrux-sha3 (>=0.0.2-beta.3 <=0.0.8-rc.1)

libcrux-sha3 CARGO version =0.0.2-beta.3, =0.0.4, =0.0.2, =0.0.3, =0.0.2-alpha.1, =0.0.2-alpha.3 - libcrux-psq =0.0.2-beta.3 - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 - wpa-next =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-Q29P-9PFR-J652...

GHSA-Q29P-9PFR-J652 libcrux-sha3: Incorrect output from SHAKE squeeze functions

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...

php:7.4 security update

An update is available for module.php, module.php-pecl-xdebug, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, php-pear, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug, module.libzip, libzip. This update affects Rocky Linux 8. A Common Vulnerabili...

libcrux-aesgcm (=0.0.4-pre.1), libcrux-ml-dsa (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-intrinsics (>=0.0.3 <=0.0.4-pre.1)

libcrux-intrinsics CARGO version =0.0.3, =0.0.3, =0.0.3-alpha.3 Source cves: unknown CVE Source advisory: OSV:GHSA-2CGV-28VR-RV6J...

RUSTSEC-2025-0133 Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

EUVD-2025-5561

Malicious code in bioql PyPI...

Malicious code in simple-js-sha3-512 (npm)

The package simple-js-sha3-512 was found to contain malicious code...

Malicious code in simple-js-sha3-256 (npm)

The package simple-js-sha3-256 was found to contain malicious code...

MAL-2025-41076 Malicious code in zs-sha3 (npm)

The package zs-sha3 was found to contain malicious code...

Malicious code in ns-sha3 (npm)

The package ns-sha3 was found to contain malicious code...

Malicious code in jw-sha3 (npm)

The package jw-sha3 was found to contain malicious code...

MAL-2025-23524 Malicious code in j3-sha3 (npm)

The package j3-sha3 was found to contain malicious code...

MAL-2025-24128 Malicious code in jw-sha3 (npm)

The package jw-sha3 was found to contain malicious code...

MAL-2025-33271 Malicious code in simple-js-sha3-512 (npm)

The package simple-js-sha3-512 was found to contain malicious code...

MAL-2025-16221 Malicious code in bs-sha3 (npm)

The package bs-sha3 was found to contain malicious code...

Malicious code in simple-js-sha3 (npm)

The package simple-js-sha3 was found to contain malicious code...

Malicious code in ks-sha3 (npm)

The package ks-sha3 was found to contain malicious code...

MAL-2025-33270 Malicious code in simple-js-sha3-384 (npm)

The package simple-js-sha3-384 was found to contain malicious code...