PT-2024-36065 · Liboqs+2 · Liboqs+2

Iarce-Qb

Published

2024-12-06

Updated

2025-03-31

CVE-2024-54137

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.12.0

Description: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism in liboqs, a C-language cryptographic library. The error is due to an indexing issue, causing part of the secret key to be incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext.

Recommendations: For versions prior to 0.12.0, update to version 0.12.0 to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2024-16894

ALT-PU-2024-17674

CVE-2024-54137

GHSA-GPF4-VRRW-R8V7

OPENSUSE-SU-2024:14580-1

OPENSUSE-SU-2025_0005-1

SUSE-SU-2025:0005-1

Affected Products

Alt Linux

Suse

Liboqs

PT-2024-36065 · Liboqs+2 · Liboqs+2

CVE-2024-54137

Weakness Enumeration

Related Identifiers

Affected Products

References · 17