Name of the Vulnerable Software and Affected Versions PyPQC versions prior to 0.0.6.1

Description An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. A proof-of-concept exploit exists for a local attacker.

Recommendations For PyPQC versions prior to 0.0.6.1, upgrade to version 0.0.6.1 or newer, as it is a drop-in replacement with no known breaking changes.