vulnerability
FreeBSD: VID-DC087DAD-BD71-11EF-B5A1-000EC6D40964 (CVE-2024-54137): liboqs -- Correctness error in HQC decapsulation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:N/C:C/I:C/A:N) | 2024-11-29 | 2024-12-20 | 2025-02-18 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published
2024-11-29
Added
2024-12-20
Modified
2025-02-18
Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.
Solution
freebsd-upgrade-package-liboqs
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.