GHSA-p4v8-jgcv-9g75 – safe_pqc_kyber

Package

Manager: cargo
Name: safe_pqc_kyber
Vulnerable Version: >=0 <0.6.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

safe_pqc_kyber leaks parts of secret keys ### Impact On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge cipher texts, they can learn (parts of) the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS. ### Patches Patched in 0.6.2. ### References - [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to)

Metadata

Created: 2024-01-03T21:40:45Z
Modified: 2024-01-03T21:40:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-p4v8-jgcv-9g75/GHSA-p4v8-jgcv-9g75.json
CWE IDs: []
Alternative ID: N/A
Finding: F115
Auto approve: 1