Iiviel

**Name of the Vulnerable Software and Affected Versions** CROSS versions prior to commit fc6b7e7 **Description** A buffer overflow exists in the `crypto sign open()` function caused by an underflow of the `mlen` integer. This occurs within the reference and optimized implementations of the CROSS post-quantum signature algorithm. **Recommendations** Update to the version containing commit fc6b7e7.