CVE-2024-54137
CVSS 3.1 Score 7.4 of 10 (high)
Details
Published Dec 6, 2024
CWE ID 200
Summary
CVE-2024-54137 affects the liboqs cryptographic library, which is used for implementing post-quantum cryptography algorithms. A flaw has been discovered in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, a portion of the secret key is mishandled and erroneously considered as non-secret data. As a consequence, an incorrect shared secret value is generated upon decapsulation of a malformed ciphertext. This issue has been rectified in version 0.12.0.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share