liboqs · CVE-2026-46344
**Name of the Vulnerable Software and Affected Versions**
liboqs versions prior to 0.16.0
**Description**
An out-of-bounds read exists in the XMSS and XMSS^MT stateful signature verification code. It occurs when the verification function is called with a signature buffer sized for the declared algorithm, but the public key's OID bytes (`pk[0..3]`) reference a different XMSS parameter set with a larger `sig_bytes`. The implementation re-parses the OID inside `xmss_sign_open()` and `xmssmt_sign_open()` and uses that larger `sig_bytes` value to index the signature buffer. The out-of-bounds bytes are only fed into an internal hash computation and are not returned to the caller, so no data is leaked. The primary impact is a potential denial of service: the process crashes if the read touches an unmapped memory page.
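The pattern behind this bug class, as an added C illustration that is not liboqs code: a verifier that derives the signature length from the OID stored in the public key, next to a preflight check that binds the key's OID to the algorithm the caller declared and validates the signature buffer length before any indexing. The `demo_` names, the parameter table and its OID and size values are all constructed for this example and are not real XMSS parameter sets; the vulnerable variant reports the span it would index rather than dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed parameter table for illustration only: the OIDs and byte
 * counts are placeholders, not liboqs's real XMSS values. */
typedef struct {
    uint32_t oid;
    size_t   sig_bytes;
    size_t   pk_bytes;
} demo_xmss_params;

static const demo_xmss_params DEMO_PARAMS[] = {
    { 0x00000001u, 2500u, 64u },  /* constructed "declared" parameter set      */
    { 0x00000002u, 4963u, 64u },  /* constructed set with a larger sig_bytes   */
};

/* Look up a parameter set by OID; returns 0 on success, -1 if unknown. */
static int demo_parse_oid(demo_xmss_params *out, uint32_t oid)
{
    size_t i;
    for (i = 0; i < sizeof DEMO_PARAMS / sizeof DEMO_PARAMS[0]; i++) {
        if (DEMO_PARAMS[i].oid == oid) { *out = DEMO_PARAMS[i]; return 0; }
    }
    return -1;
}

/* The OID occupies the first four bytes of the public key, big-endian. */
static uint32_t demo_oid_from_pk(const unsigned char *pk)
{
    return ((uint32_t)pk[0] << 24) | ((uint32_t)pk[1] << 16) |
           ((uint32_t)pk[2] << 8)  |  (uint32_t)pk[3];
}

/* Vulnerable pattern: the number of signature bytes to index is taken from
 * the key's OID alone, with no reference to the caller's buffer size. The
 * span is returned instead of read so the mismatch is visible safely. */
size_t demo_unchecked_sig_span(const unsigned char *pk)
{
    demo_xmss_params p;
    if (demo_parse_oid(&p, demo_oid_from_pk(pk)) != 0) return 0;
    return p.sig_bytes;               /* sig[0 .. sig_bytes-1] would be read */
}

/* Hardened preflight, run before touching the signature buffer.
 *  0 ok, -1 pk too short, -2 OID unknown,
 * -3 OID in pk differs from the declared algorithm,
 * -4 signature buffer shorter than sig_bytes for that parameter set. */
int demo_verify_preflight(uint32_t declared_oid,
                          const unsigned char *pk, size_t pklen,
                          size_t siglen)
{
    demo_xmss_params p;
    if (pklen < 4) return -1;
    if (demo_parse_oid(&p, demo_oid_from_pk(pk)) != 0) return -2;
    if (p.oid != declared_oid) return -3;
    if (pklen < p.pk_bytes) return -1;
    if (siglen < p.sig_bytes) return -4;
    return 0;                         /* safe to index sig[0 .. sig_bytes-1] */
}

/* Scenario from the advisory: the caller sized sig for OID 1 (2500 bytes),
 * but the key's OID bytes name OID 2 (4963 bytes). Keys are constructed. */
size_t demo_scenario_unchecked_span(void)
{
    unsigned char pk[64] = { 0x00, 0x00, 0x00, 0x02 };
    return demo_unchecked_sig_span(pk);        /* 4963 > 2500-byte buffer */
}

int demo_scenario_mismatch(void)
{
    unsigned char pk[64] = { 0x00, 0x00, 0x00, 0x02 };
    return demo_verify_preflight(0x00000001u, pk, sizeof pk, 2500u);  /* -3 */
}

int demo_scenario_consistent(void)
{
    unsigned char pk[64] = { 0x00, 0x00, 0x00, 0x01 };
    return demo_verify_preflight(0x00000001u, pk, sizeof pk, 2500u);  /* 0 */
}

int demo_scenario_short_sig(void)
{
    unsigned char pk[64] = { 0x00, 0x00, 0x00, 0x02 };
    return demo_verify_preflight(0x00000002u, pk, sizeof pk, 2500u);  /* -4 */
}

int main(void)
{
    printf("unchecked span for mismatched key: %zu bytes\n", demo_scenario_unchecked_span());
    printf("preflight: mismatch=%d consistent=%d short=%d\n",
           demo_scenario_mismatch(), demo_scenario_consistent(), demo_scenario_short_sig());
    return 0;
}
```

The preflight rejects both forms of inconsistency the advisory describes: a key whose OID names a parameter set other than the one the caller asked for, and a signature buffer that is shorter than that parameter set's `sig_bytes`. Either check alone would have prevented the read past the caller's buffer.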
**Recommendations**
Update to version 0.16.0.