Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffer shorter than the expected signature size for the given parameter set, the implementation does not validate the caller-supplied length and proceeds to read past the end of the buffer. The out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.
AnalysisAI
Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.
Technical ContextAI
liboqs (open-quantum-safe/liboqs, CPE cpe:2.3:a:open-quantum-safe:liboqs:*:*:*:*:*:*:*:*) is an open-source C library implementing post-quantum cryptographic algorithms, including stateful hash-based signature schemes. The affected code resides in src/sig_stfl/xmss/sig_stfl_xmss_xmssmt.c, which implements the OQS_SIG_STFL_verify entry point for XMSS and XMSS^MT - stateful signature schemes standardized as part of NIST SP 800-208. The root cause is CWE-20 (Improper Input Validation): the verification function accepted a caller-supplied signature_len parameter and immediately began consuming the buffer in a hash computation without first checking that signature_len met the expected size for the selected parameter set. Real XMSS signatures are kilobytes in length; a 10-byte buffer is sufficient to trigger the overread. The commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513 corrects this by inserting a strict equality guard - if signature_len != expected_length, OQS_ERROR is returned immediately - and adds a regression test (test_invalid_sig) that exercises exactly this path with a 10-byte malicious signature buffer.
RemediationAI
Upgrade liboqs to version 0.16.0, which contains the fix introduced by commit ef70dea7c85e5637f37828d75e5b9bb29dbfe513 (https://github.com/open-quantum-safe/liboqs/commit/ef70dea7c85e5637f37828d75e5b9bb29dbfe513). The vendor advisory is at https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-wf7v-fhxj-73m2. If an immediate upgrade is not feasible, a targeted compensating control is to reject or pre-validate that any signature buffer passed to OQS_SIG_STFL_verify is at least as long as the expected signature size for the chosen XMSS parameter set before calling the library - this mirrors exactly what the fix does internally. Disabling XMSS/XMSS^MT support at build time (by omitting OQS_ENABLE_SIG_STFL_XMSS) eliminates the vulnerable code path entirely, though this removes post-quantum stateful signature capability. No side effects are expected from upgrading to 0.16.0 beyond the new strict length check, which will now return OQS_ERROR for truncated signatures rather than proceeding.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33412