Skip to main content

Liboqs

5 CVEs product

Monthly

CVE-2025-52473 MEDIUM PATCH This Month

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.

Information Disclosure Debian Liboqs Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-48946 LOW PATCH Monitor

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Liboqs
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2024-54137 HIGH PATCH This Week

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Liboqs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36405 HIGH PATCH This Week

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Liboqs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31510 CRITICAL POC Act Now

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Liboqs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.

Information Disclosure Debian Liboqs +2
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Liboqs
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Liboqs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Liboqs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Liboqs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy