kyber512, kyber768, and kyber1024 on Mac OS (or when compiled with clang) only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a local attacker. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:U/RC:C
Impact For kyber512, kyber768, and kyber1024 only: An attacker able to submit many ciphertexts against a single private key, and to get responses in real-time, could recover the private key. This attack has been named KyberSlash CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C Patches Version 0.0.6.1 and newer of PyPQC is patched. Workarounds No workarounds have been reported. The 0.0.6 -> 0.0.6.1 upgrade should be a drop-in replacement; it has no known breaking changes. References This …
Impact An attacker able to submit many ciphertexts against a single private key, and to get responses in real-time, could recover the private key. This vulnerability has been named KyberSlash. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C Patches Version 0.0.6.1 and newer of PyPQC is patched. Workarounds No workarounds have been reported. The 0.0.6 -> 0.0.6.1 upgrade should be a drop-in replacement; it has no known breaking changes. References This was partially patched ("KyberSlash 1") in …