FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-18 08:06:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dc087dad-bd71-11ef-b5a1-000ec6d40964	liboqs -- Correctness error in HQC decapsulation The Open Quantum Safe project reports: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability. Discovery 2024-11-29 Entry 2024-12-18 liboqs < 0.12.0 CVE-2024-54137 https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7

VuXML ID

Description

dc087dad-bd71-11ef-b5a1-000ec6d40964

liboqs -- Correctness error in HQC decapsulation

The Open Quantum Safe project reports:

A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext.

No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability.

Discovery 2024-11-29
Entry 2024-12-18
liboqs

< 0.12.0

CVE-2024-54137
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7