logo

Database

Improper authorization control for web services In liboqs

Description

An observable discrepancy was found in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 onto -O1, -O2, and beyond. A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package

Aliases

1. CVE-2025-524732. NVD-2025-524733. OSV-2025-52473

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.