GHSA-h864-m8vm-3xvj

Source

https://github.com/advisories/GHSA-h864-m8vm-3xvj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-h864-m8vm-3xvj/GHSA-h864-m8vm-3xvj.json

Aliases

RUSTSEC-2022-0047

Published

2022-08-18T19:06:39Z

Modified

2023-11-08T04:19:57.153953Z

Details

Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.

This means all the oqs::sig::Algorithm::RainbowI* variants are insecure.

References

https://github.com/open-quantum-safe/liboqs-rust
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KFgw5_qCXiI?pli=1
https://rustsec.org/advisories/RUSTSEC-2022-0047.html

Affected packages

crates.io / oqs

Package

Name: oqs

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.7.2