Lucene search

Ubuntu.comUB:CVE-2024-31510

HistoryMay 24, 2024 - 12:00 a.m.

CVE-2024-31510

2024-05-2400:00:00

ubuntu.com

open quantum safe

privilege escalation

remote attacker

crypto_sign_signature

pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2

bugs

debian

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to
escalate privileges via the crypto_sign_signature parameter in the
/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072118>

References

gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703

github.com/liang-junkai/Fault-injection-of-ML-DSA

github.com/open-quantum-safe/liboqs

launchpad.net/bugs/cve/CVE-2024-31510

nvd.nist.gov/vuln/detail/CVE-2024-31510

security-tracker.debian.org/tracker/CVE-2024-31510

www.cve.org/CVERecord?id=CVE-2024-31510