4 matches found
CVE-2024-36405
CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...
CVE-2024-54137
CVE-2024-54137 affects liboqs HQC KEM. A correctness error in the HQC decapsulation path caused part of the secret key to be treated as non-secret, resulting in an incorrect shared secret when decapsulating malformed ciphertexts. The fix is implemented in liboqs 0.12.0, as referenced by multiple ...
CVE-2025-48946
CVE-2025-48946 concerns the liboqs library (C), specifically the HQC algorithm implemented in versions prior to 0.13.0. The root cause is a theoretical design flaw in HQC that can lead to large numbers of malformed ciphertexts sharing the same implicit rejection value. The public descriptions sta...
CVE-2025-52473
CVE-2025-52473 affects the liboqs HQC KEM reference implementation. When compiled with Clang at optimization levels above -O0, the code contains secret-dependent branches that enable a proof-of-concept local attack to recover the entire secret key. The vulnerability is fixed in version 0.14.0. Im...