Описание
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
Ссылки
- Exploit
- Patch
- Not Applicable
- ExploitThird Party Advisory
- Exploit
- Exploit
- Patch
- Not Applicable
- ExploitThird Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2024-06-03 (исключая)
cpe:2.3:a:pq-crystals:kyber:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
7.5 High
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
EPSS
Процентиль: 34%
0.00141
Низкий
7.5 High
CVSS3
Дефекты
CWE-203
CWE-203