Zhiyuan Zhang

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions prior to 5.8.4 **Description** Certain constant-time implementations within wolfSSL may be altered by LLVM optimizations into non-constant-time binaries. This transformation can introduce observable timing discrepancies, potentially leading to information disclosure through timing side-channel attacks. **Recommendations** Update to wolfSSL version 5.8.4 or later.

Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.14.0 Description: liboqs is a C-language cryptographic library providing post-quantum cryptography algorithm implementations. Secret-dependent branches were identified in the HQC key encapsulation mechanism reference implementation when compiled with Clang at optimization levels above -O0. A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. Recommendations: Update to version 0.14.0 or later.