CVE-2024-37305

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37305
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/open-quantum-safe/oqs-provider/pull/416
https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx
Configurations

No configuration.

History

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) oqs-provider es un proveedor de la librería de criptografía OpenSSL 3 que agrega soporte para criptografía poscuántica en TLS, X.509 y S/MIME utilizando algoritmos poscuánticos de liboqs. Se han identificado fallas en la forma en que oqs-provider maneja las longitudes decodificadas con DECODE_UINT32 al inicio de firmas y claves híbridas serializadas (tradicionales + poscuánticas). Los valores de longitud no verificados se utilizan posteriormente para lecturas y escrituras de memoria; La entrada mal formada puede provocar fallas o fugas de información. El manejo de la operación de clave PQ simple/no híbrida no se ve afectado. Este problema se solucionó en la versión 0.6.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds para este problema.

17 Jun 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-17 20:15

Updated : 2024-06-20 12:44

NVD link : CVE-2024-37305

Mitre link : CVE-2024-37305

CVE.ORG link : CVE-2024-37305

JSON object : View

Products Affected

No product.

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-130

Improper Handling of Length Parameter Inconsistency

CWE-190

Integer Overflow or Wraparound

CWE-680

Integer Overflow to Buffer Overflow

CWE-805

Buffer Access with Incorrect Length Value