CVE-2023-24025

Name of the Vulnerable Software and Affected Versions PQClean version d03da30

Description The issue allows universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. This is related to CRYSTALS-DILITHIUM in Post-Quantum Cryptography Selected Algorithms 2022.

Recommendations For PQClean version d03da30, consider applying a patch or fix to prevent intermediate data leakage and mitigate the risk of universal forgeries of digital signatures. As a temporary workaround, consider restricting access to the digital signature functionality until a patch is available.