Markku-Juhani O. Saarinen

#31898of 53,635
7.9Total CVSS
Vulnerabilities · 3
Low
3
PT-2025-23341
3.7
2025-05-30
Liboqs · Liboqs · CVE-2025-48946
**Name of the Vulnerable Software and Affected Versions** liboqs versions prior to 0.13.0 **Description** The issue is related to a theoretical design flaw in the HQC algorithm, which is implemented in liboqs. This flaw can lead to large numbers of malformed ciphertexts sharing the same implicit rejection value. Although no concrete attack on the algorithm is currently known, users of HQC must exercise extra caution when using the algorithm in protocols involving key derivation. The HQC algorithm does not provide the same security guarantees as other algorithms like Kyber or ML-KEM. **Recommendations** For liboqs versions prior to 0.13.0, consider disabling the HQC algorithm to minimize potential risks until an updated algorithm specification is released by the HQC team and implemented in liboqs. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but HQC is disabled by default in liboqs starting from version 0.13.0.
PT-2004-3031
2.1
2004-05-26
Linux · Linux Kernel · CVE-2004-2135
**Name of the Vulnerable Software and Affected Versions** Linux kernel version 2.6.x **Description** The issue concerns a weakness in the `cryptoloop` on Linux kernel, specifically with "IV computation" when used on certain file systems with a block size of 1024 or greater. This weakness allows watermarked files to be detected without decryption. **Recommendations** For Linux kernel version 2.6.x, consider applying configuration changes to mitigate the risk, such as avoiding the use of `cryptoloop` on file systems with a block size of 1024 or greater until a fix is available.
PT-2004-3032
2.1
2004-02-19
Linux · Linux Kernel · CVE-2004-2136
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.6.x **Description** The issue concerns a weakness in dm-crypt on Linux kernel, specifically with "IV computation" when used on certain file systems with a block size of 1024 or greater. This weakness allows watermarked files to be detected without decryption. **Recommendations** For Linux kernel version 2.6.x, consider updating to a newer version that addresses the "IV computation" weaknesses in dm-crypt to prevent the detection of watermarked files without decryption.