Headline
GHSA-p4v8-jgcv-9g75: safe_pqc_kyber leaks parts of secret keys
Impact
On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge ciphertexts, they can learn (parts of) the secret key.
This does not apply to ephemeral usage, such as when Kyber is used in the regular way in TLS.
Patches
Patched in 0.6.2.
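The root cause behind this class of timing leak (KyberSlash, see the kyberslash.cr.yp.to reference) is a division by the modulus q while decoding the shared-secret message bits during decapsulation; on some CPUs the division instruction's latency depends on its secret-derived operand. The following is an added example, not code from safe_pqc_kyber or the linked fix commit: it shows the division form beside a multiply-and-shift replacement (constants 1665 and 80635 are assumed to match the upstream patched decoding; q = 3329 is Kyber's public parameter) and checks exhaustively that both agree for every reduced coefficient.

```rust
// Kyber's public modulus q.
const KYBER_Q: u32 = 3329;

/// Division form of message-bit decoding. The `/ KYBER_Q` may compile to a
/// variable-time division instruction on some platforms, so timing depends on
/// the secret-derived coefficient `t`.
pub fn decode_bit_division(t: u32) -> u8 {
    debug_assert!(t < KYBER_Q);
    ((((t << 1) + KYBER_Q / 2) / KYBER_Q) & 1) as u8
}

/// Hardened form: the division is replaced by a multiply-and-shift that uses
/// only constant-time instructions. The constant 80635/2^28 is slightly below
/// 1/q, which is what keeps the result equal to the division form at t = 832,
/// the one coefficient where 2t + 1665 is an exact multiple of q.
/// (Assumption: same constants as the upstream KyberSlash fix.)
pub fn decode_bit_constant_time(t: u32) -> u8 {
    debug_assert!(t < KYBER_Q);
    let mut x = t << 1;
    x += 1665;
    x *= 80635; // max 8321 * 80635 < 2^32, no overflow
    x >>= 28;
    (x & 1) as u8
}

/// Regression check a maintainer would run after swapping the arithmetic:
/// the two decoders must agree on every coefficient in [0, q).
pub fn all_coefficients_agree() -> bool {
    (0..KYBER_Q).all(|t| decode_bit_division(t) == decode_bit_constant_time(t))
}

fn main() {
    println!("decoders agree on all {} coefficients: {}", KYBER_Q, all_coefficients_agree());
}
```

The equivalence check only proves the replacement is functionally correct; whether the compiled code is actually constant-time on a given target still has to be confirmed by inspecting the generated instructions or timing the binary on that platform.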
Package
cargo safe_pqc_kyber (Rust)
Affected versions
< 0.6.2
Patched versions
0.6.2
References
- GHSA-p4v8-jgcv-9g75
- bwesterb/argyle-kyber@b5c6ad1
- https://kyberslash.cr.yp.to/
bwesterb published to bwesterb/argyle-kyber
Dec 30, 2023
Published to the GitHub Advisory Database
Jan 3, 2024
Reviewed
Jan 3, 2024
Last updated
Jan 3, 2024