Name of the Vulnerable Software and Affected Versions: PQClean (affected versions not specified)

Description: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism, where an indexing error causes part of the secret key to be incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. Although no concrete attack has been identified, the error involves mishandling of the secret key, presenting a security risk.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.