Vulnerability Information
Vulnerability Title
Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
Vulnerability Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 using `-Os`, `-O1`, and other compilation options: the compiler emits a secret-dependent conditional branch from source code that is branch-free, so the decapsulation time depends on secret data. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in roughly 10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information; however, relying on compiler options as a workaround is not reliable, because the generated code has to be re-checked for every compiler version and flag combination.
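The following is an added illustration of the vulnerability class described above; it is not liboqs code and does not reproduce the exact function that leaked. It shows the "expand a secret bit into an all-ones or all-zeros mask" idiom that constant-time lattice code relies on when decoding a message into polynomial coefficients, and a hardened variant that uses an empty inline-asm statement as a compiler barrier (an assumption: GCC/Clang extended asm) so the compiler can no longer recognise the mask-and-AND pattern and rewrite it as a branch. The function and constant names (`HALF_Q`, `poly_frommsg_ref`, `poly_frommsg_hardened`, `variants_agree`) are hypothetical, and the message bytes are constructed sample input. Whether this barrier matches the upstream fix is not stated on this page.

```c
/* Added example: source-level branch-free bit-to-mask selection versus a
 * compiler-barrier variant. Not liboqs code; names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define Q 3329                 /* Kyber modulus, only to make the example concrete */
#define HALF_Q ((Q + 1) / 2)   /* coefficient that encodes a message bit of 1 */

/* Reference-style: arithmetic mask from a secret bit. There is no branch in
 * the source, but an optimiser may see "-(bit) & CONST" as "bit ? CONST : 0"
 * and emit a conditional jump, which leaks `bit` through timing. */
static int16_t select_ref(uint8_t bit)
{
    int16_t mask = -(int16_t)(bit & 1);
    return mask & HALF_Q;
}

/* Hardened: the empty asm with `mask` as an in/out operand is an optimisation
 * barrier (assumption: GCC/Clang extended asm). The compiler must treat
 * `mask` as unknown after it, so the AND cannot be turned into a branch. */
static int16_t select_hardened(uint8_t bit)
{
    int16_t mask = -(int16_t)(bit & 1);
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : "+r"(mask));
#endif
    return mask & HALF_Q;
}

/* Decode a 32-byte message into 256 coefficients (the shape of message-to-
 * polynomial code). Two explicit copies so the assembly of each can be
 * compared directly. */
void poly_frommsg_ref(int16_t out[256], const uint8_t msg[32])
{
    for (size_t i = 0; i < 32; i++)
        for (size_t j = 0; j < 8; j++)
            out[8 * i + j] = select_ref((uint8_t)(msg[i] >> j));
}

void poly_frommsg_hardened(int16_t out[256], const uint8_t msg[32])
{
    for (size_t i = 0; i < 32; i++)
        for (size_t j = 0; j < 8; j++)
            out[8 * i + j] = select_hardened((uint8_t)(msg[i] >> j));
}

/* Returns 1 if both variants produce identical coefficients for a
 * constructed message, i.e. the barrier changes codegen, not results. */
int variants_agree(void)
{
    uint8_t msg[32];                      /* constructed sample input */
    for (size_t i = 0; i < 32; i++)
        msg[i] = (uint8_t)(0x5A ^ (i * 37));

    int16_t a[256], b[256];
    poly_frommsg_ref(a, msg);
    poly_frommsg_hardened(b, msg);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    return variants_agree() ? 0 : 1;
}
```

To see the problem the advisory describes, compile with `clang -O1 -S` (and again with `-Os`) and inspect the inner loop of each function: a conditional jump that depends on the message bit inside `poly_frommsg_ref` is the leak, and `poly_frommsg_hardened` should show only arithmetic and AND instructions. Functional equivalence of the two variants says nothing about timing, so the assembly check has to be repeated for every compiler and flag combination that ships, which is why compiler options alone are not a dependable workaround.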
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Information exposure through timing discrepancy
Vulnerability Title
liboqs security vulnerability
Vulnerability Description
liboqs is an open-source C library from Open Quantum Safe for quantum-safe cryptographic algorithms. liboqs contains a security vulnerability that stems from a control-flow timing leak (secret-dependent control flow introduced in the compiled code).
CVSS Information
N/A
Vulnerability Type
N/A