Skip to main content

liboqs CVE-2026-44518

| EUVDEUVD-2026-33412 MEDIUM
Improper Input Validation (CWE-20)
2026-05-29 GitHub_M
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch available
May 29, 2026 - 20:02 EUVD
Source Code Evidence Fetched
May 29, 2026 - 19:01 vuln.today
Analysis Generated
May 29, 2026 - 19:01 vuln.today

DescriptionGitHub Advisory

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffer shorter than the expected signature size for the given parameter set, the implementation does not validate the caller-supplied length and proceeds to read past the end of the buffer. The out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.

AnalysisAI

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Technical ContextAI

liboqs (open-quantum-safe/liboqs, CPE cpe:2.3:a:open-quantum-safe:liboqs:*:*:*:*:*:*:*:*) is an open-source C library implementing post-quantum cryptographic algorithms, including stateful hash-based signature schemes. The affected code resides in src/sig_stfl/xmss/sig_stfl_xmss_xmssmt.c, which implements the OQS_SIG_STFL_verify entry point for XMSS and XMSS^MT - stateful signature schemes standardized as part of NIST SP 800-208. The root cause is CWE-20 (Improper Input Validation): the verification function accepted a caller-supplied signature_len parameter and immediately began consuming the buffer in a hash computation without first checking that signature_len met the expected size for the selected parameter set. Real XMSS signatures are kilobytes in length; a 10-byte buffer is sufficient to trigger the overread. The commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513 corrects this by inserting a strict equality guard - if signature_len != expected_length, OQS_ERROR is returned immediately - and adds a regression test (test_invalid_sig) that exercises exactly this path with a 10-byte malicious signature buffer.

RemediationAI

Upgrade liboqs to version 0.16.0, which contains the fix introduced by commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513 (https://github.com/open-quantum-safe/liboqs/commit/ef70dea7c85e5637f37828d75e5b9bb29dbfe513). The vendor advisory is at https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-wf7v-fhxj-73m2. If an immediate upgrade is not feasible, a targeted compensating control is to reject or pre-validate that any signature buffer passed to OQS_SIG_STFL_verify is at least as long as the expected signature size for the chosen XMSS parameter set before calling the library - this mirrors exactly what the fix does internally. Disabling XMSS/XMSS^MT support at build time (by omitting OQS_ENABLE_SIG_STFL_XMSS) eliminates the vulnerable code path entirely, though this removes post-quantum stateful signature capability. No side effects are expected from upgrading to 0.16.0 beyond the new strict length check, which will now return OQS_ERROR for truncated signatures rather than proceeding.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server 16.0 Fixed

Share

CVE-2026-44518 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy