What is CVE-2024-36405?

CVE-2024-36405 is a medium-severity vulnerability in Open-quantum-safe Liboqs, classified under CWE-208. CVSS score: 5.9/10. Published 2024-06-10.

How severe is CVE-2024-36405?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Open-quantum-safe Liboqs

CVE-2024-36405

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism whe…

EPSS: 0.005 (64.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Open-quantum-safe Liboqs — versions < 0.10.1

Weakness classification (CWE)

References

https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp (x_refsource_CONFIRM)
https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91 (x_refsource_MISC)
https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c (x_refsource_MISC)
https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-36405?: CVE-2024-36405 is a medium-severity vulnerability in Open-quantum-safe Liboqs, classified under CWE-208. CVSS score: 5.9/10. Published 2024-06-10.
How severe is CVE-2024-36405?: Medium severity. CVSS v3 base score is 5.9 out of 10.