Out-of-bounds read in liboqs

Description

A flaw was found in liboqs, a C-language cryptographic library. An out-of-bounds read vulnerability exists in the XMSS and XMSS^MT stateful signature verification code. A remote attacker could exploit this by providing a specially crafted public key that causes the verification function to read beyond the bounds of the provided signature buffer. This can lead to a denial of service (DoS) due to a possible crash of the verifying process.
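The kind of length check that stops this class of over-read, as an added example that is not liboqs code. It assumes, which the page does not state, that the verifier derives the signature layout from the 4-byte parameter-set OID at the start of an RFC 8391 public key; `xmss_lengths_ok` and its table are hypothetical names covering only three SHA-2 parameter sets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 8391 SHA-2, n = 32 parameter sets: OID, n, WOTS+ len, tree height h. */
struct xmss_param { uint32_t oid; unsigned n, len, h; };
static const struct xmss_param XMSS_PARAMS[] = {
    { 0x00000001u, 32, 67, 10 }, /* XMSS-SHA2_10_256 */
    { 0x00000002u, 32, 67, 16 }, /* XMSS-SHA2_16_256 */
    { 0x00000003u, 32, 67, 20 }, /* XMSS-SHA2_20_256 */
};

/* Signature: idx (4) || r (n) || WOTS+ signature (len*n) || auth path (h*n). */
static size_t xmss_sig_bytes(const struct xmss_param *p)
{
    return 4u + p->n + (size_t)(p->len + p->h) * p->n;
}

/* Hypothetical pre-verification guard: 0 if both lengths match what the
 * OID in the public key implies, -1 otherwise (including unknown OIDs). */
int xmss_lengths_ok(const uint8_t *pk, size_t pk_len, size_t sig_len)
{
    if (pk == NULL || pk_len < 4)
        return -1;
    uint32_t oid = ((uint32_t)pk[0] << 24) | ((uint32_t)pk[1] << 16) |
                   ((uint32_t)pk[2] << 8) | (uint32_t)pk[3];
    for (size_t i = 0; i < sizeof XMSS_PARAMS / sizeof XMSS_PARAMS[0]; i++) {
        const struct xmss_param *p = &XMSS_PARAMS[i];
        if (p->oid != oid)
            continue;
        size_t pk_bytes = 4u + 2u * (size_t)p->n; /* OID || root || SEED */
        return (pk_len == pk_bytes && sig_len == xmss_sig_bytes(p)) ? 0 : -1;
    }
    return -1; /* unknown parameter set: refuse rather than guess a layout */
}

int main(void)
{
    /* Constructed input: key bytes are zero, only the OID field matters here. */
    uint8_t pk[68] = { 0, 0, 0, 1 };
    printf("h=10 key, 2500-byte sig: %d\n", xmss_lengths_ok(pk, sizeof pk, 2500));
    pk[3] = 3; /* key now claims h=20, which implies a 2820-byte signature */
    printf("h=20 key, 2500-byte sig: %d\n", xmss_lengths_ok(pk, sizeof pk, 2500));
    return 0;
}
```

A caller that runs such a guard before verification rejects a key whose parameter set implies a longer signature than the buffer it was actually given.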

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package