FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-08-01 09:57:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dc087dad-bd71-11ef-b5a1-000ec6d40964	liboqs -- Correctness error in HQC decapsulation The Open Quantum Safe project reports: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability. Discovery 2024-11-29 Entry 2024-12-18 liboqs < 0.12.0 CVE-2024-54137 https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
aeac223e-60e1-11f0-8baa-8447094a420f	liboqs -- Secret-dependent branching in HQC The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0 Discovery 2025-07-10 Entry 2025-07-14 liboqs < 0.14.0 CVE-2025-52473 https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm

VuXML ID

Description

dc087dad-bd71-11ef-b5a1-000ec6d40964

liboqs -- Correctness error in HQC decapsulation

The Open Quantum Safe project reports:

A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext.

No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability.

Discovery 2024-11-29
Entry 2024-12-18
liboqs

< 0.12.0

CVE-2024-54137
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7

aeac223e-60e1-11f0-8baa-8447094a420f

liboqs -- Secret-dependent branching in HQC

The OpenQuantumSafe project reports:

Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0

Discovery 2025-07-10
Entry 2025-07-14
liboqs

< 0.14.0

CVE-2025-52473
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm