Unrated severityNVD Advisory· Published Dec 6, 2024· Updated Dec 10, 2024
liboqs has a correctness error in HQC decapsulation
CVE-2024-54137
Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7<0.12.0+ 1 more
- (no CPE)range: <0.12.0
- (no CPE)range: < 0.12.0
- osv-coords5 versionspkg:rpm/opensuse/liboqs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/liboqs&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/oqs-provider&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/liboqs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/oqs-provider&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 0.12.0-150600.3.3.1+ 4 more
- (no CPE)range: < 0.12.0-150600.3.3.1
- (no CPE)range: < 0.12.0-1.1
- (no CPE)range: < 0.7.0-150600.3.3.1
- (no CPE)range: < 0.12.0-150600.3.3.1
- (no CPE)range: < 0.7.0-150600.3.3.1
Patches
Vulnerability mechanics
References
2- github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24mitrex_refsource_MISC
- github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.