GHSA-p4v8-jgcv-9g75: safe_pqc_kyber leaks parts of secret keys

January 3, 2024

On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge cipher texts, they can learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

References

github.com/advisories/GHSA-p4v8-jgcv-9g75
github.com/bwesterb/argyle-kyber
github.com/bwesterb/argyle-kyber/commit/b5c6ad13f4eece80e59c6ebeafd787ba1519f5f6
github.com/bwesterb/argyle-kyber/security/advisories/GHSA-p4v8-jgcv-9g75
kyberslash.cr.yp.to/

Detect and mitigate GHSA-p4v8-jgcv-9g75 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →