vulnerability
FreeBSD: VID-dc087dad-bd71-11ef-b5a1-000ec6d40964 (CVE-2024-54137): liboqs -- Correctness error in HQC decapsulation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:N) | Dec 18, 2024 | Dec 20, 2024 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published
Dec 18, 2024
Added
Dec 20, 2024
Modified
Dec 10, 2025
Description
The Open Quantum Safe project reports: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability.
Solution
freebsd-upgrade-package-liboqs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.