GHSA-9763-4f94-gfch
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9763-4f94-gfch
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-9763-4f94-gfch/GHSA-9763-4f94-gfch.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9763-4f94-gfch
- Aliases
- Related
- Published
- 2024-01-08T16:45:05Z
- Modified
- 2024-05-20T22:00:44Z
- Summary
- CIRCL's Kyber: timing side-channel (kyberslash2)
- Details
-
Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.
Does not apply to ephemeral usage, such as when used in the regular way in TLS.
Patches
Patched in 1.3.7.
References
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-08T16:45:05Z" }- References
Affected packages
Go / github.com/cloudflare/circl
Package
- Name
- github.com/cloudflare/circl
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cloudflare/circl