Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
liboqs has a correctness error in HQC decapsulation
Vulnerability Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
信息暴露
Vulnerability Title
liboqs 信息泄露漏洞
Vulnerability Description
liboqs是Open Quantum Safe开源的一个用于量子安全加密算法的开源 C 库。 liboqs 0.12.0之前版本存在信息泄露漏洞,该漏洞源于索引错误,部分密钥被错误地视为非秘密数据,导致在使用格式错误的密文调用解封装函数时返回错误的共享秘密值。
CVSS Information
N/A
Vulnerability Type
N/A