Lucene search

4 matches found

CVE
added 2024/06/10 12:47 p.m., 82 views

CVE-2024-36405

CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...

CVSS 7.5 | AI score 5.7 | EPSS 0.00515
CVE
added 2024/12/06 4:0 p.m., 82 views

CVE-2024-54137

CVE-2024-54137 affects liboqs HQC KEM. A correctness error in the HQC decapsulation path caused part of the secret key to be treated as non-secret, resulting in an incorrect shared secret when decapsulating malformed ciphertexts. The fix is implemented in liboqs 0.12.0, as referenced by multiple ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00394
CVE
added 2025/05/30 7:21 p.m., 48 views

CVE-2025-48946

CVE-2025-48946 concerns the liboqs library (C), specifically the HQC algorithm implemented in versions prior to 0.13.0. The root cause is a theoretical design flaw in HQC that can lead to large numbers of malformed ciphertexts sharing the same implicit rejection value. The public descriptions sta...

CVSS 3.7 | AI score 7.2 | EPSS 0.00201
CVE
added 2025/07/10 6:42 p.m., 27 views

CVE-2025-52473

CVE-2025-52473 affects the liboqs HQC KEM reference implementation. When compiled with Clang at optimization levels above -O0, the code contains secret-dependent branches that enable a proof-of-concept local attack to recover the entire secret key. The vulnerability is fixed in version 0.14.0. Im...

CVSS 5.9 | AI score 6.1 | EPSS 0.002