Skip to main content

liboqs CVE-2026-46344

| EUVDEUVD-2026-33413 MEDIUM
Out-of-bounds Read (CWE-125)
2026-05-29 GitHub_M
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch available
May 29, 2026 - 20:02 EUVD
Source Code Evidence Fetched
May 29, 2026 - 19:01 vuln.today
Analysis Generated
May 29, 2026 - 19:01 vuln.today

DescriptionGitHub Advisory

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a correctly-sized signature buffer for the declared algorithm but a public key whose OID bytes (pk[0..3]) reference a different XMSS parameter set with a larger sig_bytes, the implementation re-parses the OID from the public key inside xmss_sign_open / xmssmt_sign_open and uses the resulting (larger) sig_bytes to index the caller-supplied signature buffer. As with CVE-2026-44518, the out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.

AnalysisAI

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Technical ContextAI

liboqs (CPE: cpe:2.3:a:open-quantum-safe:liboqs:*:*:*:*:*:*:*:*) is an open-source C library from the Open Quantum Safe project implementing post-quantum cryptography algorithms, including XMSS and XMSS^MT - stateful hash-based signature schemes. CWE-125 (Out-of-bounds Read) describes the root cause: within xmss_sign_open and xmssmt_sign_open, the implementation re-parses the XMSS parameter OID directly from the caller-supplied public key buffer (bytes pk[0..3]) rather than trusting the algorithm variant selected by the invoking wrapper. An adversary who supplies a public key with OID bytes pointing to a heavier parameter set - one with a larger sig_bytes value - causes the internal hash path in xmss_commons.c to index the caller-supplied signature buffer at an offset beyond its allocated length. Because the out-of-bounds bytes are consumed only as hash input and never returned to the caller, no memory-disclosure oracle is created. The fix in commit 077e32a adds an explicit OID consistency check in the verify wrapper, extracting the four-byte OID from the public key and comparing it against the OID hardcoded for the invoking algorithm variant before any internal re-parsing occurs; mismatches return OQS_ERROR immediately. This vulnerability is a sibling of CVE-2026-44518 (GHSA-wf7v-fhxj-73m2), which addresses a complementary OOB read triggered by an undersized signature buffer.

RemediationAI

Upgrade liboqs to version 0.16.0, which incorporates the fix via commit 077e32a94f39af02209dbbc680bf8a43b774b305 (https://github.com/open-quantum-safe/liboqs/commit/077e32a94f39af02209dbbc680bf8a43b774b305). The patch adds an OID consistency check at the entry of each XMSS/XMSS^MT verify wrapper so that any public key whose embedded OID does not match the expected OID for the invoked algorithm variant is rejected before internal re-parsing can occur. The full vendor advisory is at https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-2wxh-55qf-c7wg. Where immediate patching is not possible, the primary compensating control is to ensure that public keys passed to XMSS/XMSS^MT verification routines originate only from authenticated, trusted sources - this does not eliminate the bug but restricts who can trigger it. Additionally, restricting or rate-limiting any network-facing endpoint that accepts public keys for signature verification reduces the availability impact of a DoS attempt. Note that neither compensating control addresses the underlying memory safety defect; patching to 0.16.0 remains the only definitive fix.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server 16.0 Fixed

Share

CVE-2026-46344 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy