cvelistv5 - cve-2024-54137

CVE-2024-54137 (GCVE-0-2024-54137)

Vulnerability from cvelistv5

Published

2024-12-06 16:00

Modified

2024-12-10 16:10

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.

References

►

URL

	Vendor	Product	Version
	open-quantum-safe	liboqs	Version: < 0.12.0

suse-su-2025:0005-1

Vulnerability from csaf_suse

Published

2025-01-02 08:01

Modified

2025-01-02 08:01

Summary

Security update for liboqs, oqs-provider

Notes

Title of the patch

Security update for liboqs, oqs-provider

Description of the patch

This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SHL-DSA algorithms. This update liboqs to 0.12.0: - This release updates the ML-DSA implementation to the [final FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release. - This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). - The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at https://github.com/open-quantum-safe/liboqs/issues/2001. Security issues: - CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. (bsc#1234292) - new library major version 7 Updated to 0.11.0: * This release updates ML-KEM implementations to their final FIPS 203 https://csrc.nist.gov/pubs/fips/203/final versions . * This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. * Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1 https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures along with stateful hash-based signature schemes XMSS https://datatracker.ietf.org/doc/html/rfc8391 and LMS https://datatracker.ietf.org/doc/html/rfc8554. * Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2 * LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md * Key encapsulation mechanisms: - Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade. - ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version. - Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer. * Digital signature schemes: - LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS - MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1. - CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1. * Other changes: - Added callback API to use custom implementations of AES, SHA2, and SHA3. - Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API. - new library major version 6 Updated to 0.10.1: - This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber. (bsc#1226162 CVE-2024-36405) It also includes a fix for incorrectly named macros in the ML-DSA implementation. updated to 0.10.0: Key encapsulation mechanisms: - BIKE: Updated portable C implementation to include constant-time fixes from upstream. - HQC: Updated to NIST Round 4 version. - ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024. Digital signature schemes: - Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification. - ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87. Other changes: - Improved thread safety. - Removed support for the 'NIST-KAT' DRBG. - Added extended KAT test programs. - library major version changed from 4 to 5 This update also updates oqs-provider to 0.7.0: - Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process. - Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process. - Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02. - Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02. Updated to 0.6.1: - CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid keys and signatures (bsc#1226468) Updated to 0.6.0: - First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA - Support for Composite PQ operations - Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon. - Implementation of security code review recommendations - Support for more hybrid operations as fully documented here. - Support for extraction of classical and hybrid key material Updated to 0.5.3: - only tracking parallel liboqs security update Updated to 0.5.2: - Algorithm updates as documented in the liboqs 0.9.0 release notes - Standard coding style - Enhanced memory leak protection - Added community cooperation documentation - (optional) KEM algorithm en-/decoder feature Updated to 0.5.1: - Documentation update - document specs - General documentation overhaul - change TLS demo to use QSC alg - Build a module instead of a shared library. - explain groups in USAGE

Patchnames

SUSE-2025-5,SUSE-SLE-Module-Basesystem-15-SP6-2025-5,openSUSE-SLE-15.6-2025-5

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for liboqs, oqs-provider",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for liboqs, oqs-provider fixes the following issues:\n\nThis update supplies the new FIPS standardized ML-KEM, ML-DSA, SHL-DSA algorithms.\n\nThis update liboqs to 0.12.0:\n\n  - This release updates the ML-DSA implementation to the [final\n    FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This\n    release still includes the NIST Round 3 version of Dilithium for\n    interoperability purposes, but we plan to remove Dilithium Round 3 in\n    a future release.\n  - This will be the last release of liboqs to include Kyber (that is,\n    the NIST Round 3 version of Kyber, prior to its standardization by NIST\n    as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).\n  - The addition of ML-DSA FIPS 204 final version to liboqs has\n    introduced a new signature API which includes a context string\n    parameter. We are planning to remove the old version of the API\n    without a context string in the next release to streamline the\n    API and bring it in line with NIST specifications. Users who\n    have an opinion on this removal are invited to provide input at\n    https://github.com/open-quantum-safe/liboqs/issues/2001.\n\n  Security issues:\n\n  - CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect\n    shared secret value during decapsulation when called with an invalid\n    ciphertext. (bsc#1234292)\n  - new library major version 7\n\nUpdated to 0.11.0:\n\n  * This release updates ML-KEM implementations to their final FIPS 203\n    https://csrc.nist.gov/pubs/fips/203/final versions .\n  * This release still includes the NIST Round 3 version of Kyber for\n    interoperability purposes, but we plan to remove Kyber Round 3 in a\n    future release.\n  * Additionally, this release adds support for MAYO and CROSS\n    digital signature schemes from [NIST Additional Signatures Round 1\n    https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures\n    along with stateful hash-based signature schemes XMSS\n    https://datatracker.ietf.org/doc/html/rfc8391 and LMS\n    https://datatracker.ietf.org/doc/html/rfc8554.\n  * Finally, this release provides formally verified\n    implementations of Kyber-512 and Kyber-768 from libjade\n    https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2\n  * LMS and XMSS are disabled by default due to the security risks associated with their use in software.\n    See the note on stateful hash-based signatures in CONFIGURE.md\n  * Key encapsulation mechanisms:\n  - Kyber: Added formally-verified portable C and AVX2 implementations\n    of Kyber-512 and Kyber-768 from libjade.\n  - ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512,\n    ML-KEM-768, and ML-KEM-1024 to FIP 203 version.\n  - Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and\n    Kyber-1024 to work with AddressSanitizer.\n  * Digital signature schemes:\n  - LMS/XMSS: Added implementations of stateful hash-based signature\n    schemes: XMSS and LMS\n  - MAYO: Added portable C and AVX2 implementations of MAYO signature\n    scheme from NIST Additional Signatures Round 1.\n  - CROSS: Added portable C and AVX2 implementations of CROSS signature\n    scheme from NIST Additional Signatures Round 1.\n  * Other changes:\n  - Added callback API to use custom implementations of AES, SHA2, and SHA3.\n  - Refactor SHA3 implementation to use OpenSSL\u0027s EVP_DigestSqueeze() API.\n\n  - new library major version 6\n\nUpdated to 0.10.1:\n\n- This release is a security release which fixes potential\n  non-constant-time behaviour in ML-KEM and Kyber. (bsc#1226162\n  CVE-2024-36405)\n  It also includes a fix for incorrectly named macros in the ML-DSA\n  implementation.\n\nupdated to 0.10.0:\n\n  Key encapsulation mechanisms:\n\n  - BIKE: Updated portable C implementation to include constant-time fixes from upstream.\n  - HQC: Updated to NIST Round 4 version.\n  - ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.\n\n  Digital signature schemes:\n\n  - Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.\n  - ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.\n\n  Other changes:\n\n  - Improved thread safety.\n  - Removed support for the \u0027NIST-KAT\u0027 DRBG.\n  - Added extended KAT test programs.\n\n- library major version changed from 4 to 5\n\nThis update also updates oqs-provider to 0.7.0:\n\n\n- Adds support for MAYO from Round 1 of NIST\u2019s Post-Quantum Signature On-Ramp process.\n- Adds support for CROSS from Round 1 of NIST\u2019s Post-Quantum Signature On-Ramp process.\n- Updates ML-KEM\u0027s code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.\n- Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02.\n\nUpdated to 0.6.1:\n\n- CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid keys and signatures (bsc#1226468)\n\nUpdated to 0.6.0:\n\n- First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA\n- Support for Composite PQ operations\n- Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.\n- Implementation of security code review recommendations\n- Support for more hybrid operations as fully documented here.\n- Support for extraction of classical and hybrid key material\n\nUpdated to 0.5.3:\n\n- only tracking parallel liboqs security update\n\nUpdated to 0.5.2:\n\n- Algorithm updates as documented in the liboqs 0.9.0 release notes\n- Standard coding style\n- Enhanced memory leak protection\n- Added community cooperation documentation\n- (optional) KEM algorithm en-/decoder feature\n\nUpdated to 0.5.1:\n\n- Documentation update\n- document specs\n- General documentation overhaul\n- change TLS demo to use QSC alg\n- Build a module instead of a shared library.\n- explain groups in USAGE\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-5,SUSE-SLE-Module-Basesystem-15-SP6-2025-5,openSUSE-SLE-15.6-2025-5",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0005-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0005-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250005-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0005-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020060.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226162",
        "url": "https://bugzilla.suse.com/1226162"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226468",
        "url": "https://bugzilla.suse.com/1226468"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234292",
        "url": "https://bugzilla.suse.com/1234292"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-36405 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-36405/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-37305 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-37305/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54137 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54137/"
      }
    ],
    "title": "Security update for liboqs, oqs-provider",
    "tracking": {
      "current_release_date": "2025-01-02T08:01:41Z",
      "generator": {
        "date": "2025-01-02T08:01:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0005-1",
      "initial_release_date": "2025-01-02T08:01:41Z",
      "revision_history": [
        {
          "date": "2025-01-02T08:01:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-150600.3.3.1.aarch64",
                "product": {
                  "name": "liboqs-devel-0.12.0-150600.3.3.1.aarch64",
                  "product_id": "liboqs-devel-0.12.0-150600.3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-150600.3.3.1.aarch64",
                "product": {
                  "name": "liboqs7-0.12.0-150600.3.3.1.aarch64",
                  "product_id": "liboqs7-0.12.0-150600.3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "oqs-provider-0.7.0-150600.3.3.1.aarch64",
                "product": {
                  "name": "oqs-provider-0.7.0-150600.3.3.1.aarch64",
                  "product_id": "oqs-provider-0.7.0-150600.3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-64bit-0.12.0-150600.3.3.1.aarch64_ilp32",
                "product": {
                  "name": "liboqs-devel-64bit-0.12.0-150600.3.3.1.aarch64_ilp32",
                  "product_id": "liboqs-devel-64bit-0.12.0-150600.3.3.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-64bit-0.12.0-150600.3.3.1.aarch64_ilp32",
                "product": {
                  "name": "liboqs7-64bit-0.12.0-150600.3.3.1.aarch64_ilp32",
                  "product_id": "liboqs7-64bit-0.12.0-150600.3.3.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-150600.3.3.1.i586",
                "product": {
                  "name": "liboqs-devel-0.12.0-150600.3.3.1.i586",
                  "product_id": "liboqs-devel-0.12.0-150600.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-150600.3.3.1.i586",
                "product": {
                  "name": "liboqs7-0.12.0-150600.3.3.1.i586",
                  "product_id": "liboqs7-0.12.0-150600.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "oqs-provider-0.7.0-150600.3.3.1.i586",
                "product": {
                  "name": "oqs-provider-0.7.0-150600.3.3.1.i586",
                  "product_id": "oqs-provider-0.7.0-150600.3.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
                "product": {
                  "name": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
                  "product_id": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-150600.3.3.1.ppc64le",
                "product": {
                  "name": "liboqs7-0.12.0-150600.3.3.1.ppc64le",
                  "product_id": "liboqs7-0.12.0-150600.3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "oqs-provider-0.7.0-150600.3.3.1.ppc64le",
                "product": {
                  "name": "oqs-provider-0.7.0-150600.3.3.1.ppc64le",
                  "product_id": "oqs-provider-0.7.0-150600.3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-150600.3.3.1.s390x",
                "product": {
                  "name": "liboqs-devel-0.12.0-150600.3.3.1.s390x",
                  "product_id": "liboqs-devel-0.12.0-150600.3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-150600.3.3.1.s390x",
                "product": {
                  "name": "liboqs7-0.12.0-150600.3.3.1.s390x",
                  "product_id": "liboqs7-0.12.0-150600.3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "oqs-provider-0.7.0-150600.3.3.1.s390x",
                "product": {
                  "name": "oqs-provider-0.7.0-150600.3.3.1.s390x",
                  "product_id": "oqs-provider-0.7.0-150600.3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-150600.3.3.1.x86_64",
                "product": {
                  "name": "liboqs-devel-0.12.0-150600.3.3.1.x86_64",
                  "product_id": "liboqs-devel-0.12.0-150600.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
                "product": {
                  "name": "liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
                  "product_id": "liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-150600.3.3.1.x86_64",
                "product": {
                  "name": "liboqs7-0.12.0-150600.3.3.1.x86_64",
                  "product_id": "liboqs7-0.12.0-150600.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
                "product": {
                  "name": "liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
                  "product_id": "liboqs7-32bit-0.12.0-150600.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "oqs-provider-0.7.0-150600.3.3.1.x86_64",
                "product": {
                  "name": "oqs-provider-0.7.0-150600.3.3.1.x86_64",
                  "product_id": "oqs-provider-0.7.0-150600.3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs-devel-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs7-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-32bit-0.12.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64"
        },
        "product_reference": "liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oqs-provider-0.7.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
        },
        "product_reference": "oqs-provider-0.7.0-150600.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36405",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-36405"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-36405",
          "url": "https://www.suse.com/security/cve/CVE-2024-36405"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226162 for CVE-2024-36405",
          "url": "https://bugzilla.suse.com/1226162"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-02T08:01:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-36405"
    },
    {
      "cve": "CVE-2024-37305",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-37305"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-37305",
          "url": "https://www.suse.com/security/cve/CVE-2024-37305"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226468 for CVE-2024-37305",
          "url": "https://bugzilla.suse.com/1226468"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-02T08:01:41Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-37305"
    },
    {
      "cve": "CVE-2024-54137",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54137"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
          "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54137",
          "url": "https://www.suse.com/security/cve/CVE-2024-54137"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234292 for CVE-2024-54137",
          "url": "https://bugzilla.suse.com/1234292"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP6:oqs-provider-0.7.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs-devel-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs-devel-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:liboqs7-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:liboqs7-32bit-0.12.0-150600.3.3.1.x86_64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.aarch64",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.ppc64le",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.s390x",
            "openSUSE Leap 15.6:oqs-provider-0.7.0-150600.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-02T08:01:41Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-54137"
    }
  ]
}

fkie_cve-2024-54137

Vulnerability from fkie_nvd

Published

2024-12-06 16:15

Modified

2025-08-20 19:07

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24	Patch
	security-advisories@github.com	https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	openquantumsafe	liboqs	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openquantumsafe:liboqs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652F4C2-CEF0-4A7C-927A-28BC59F2367A",
              "versionEndExcluding": "0.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0."
    },
    {
      "lang": "es",
      "value": "liboqs es una libreria criptogr\u00e1fica en lenguaje C que proporciona implementaciones de algoritmos de criptograf\u00eda postcu\u00e1ntica. Se ha identificado un error de correcci\u00f3n en la implementaci\u00f3n de referencia del mecanismo de encapsulaci\u00f3n de claves HQC. Debido a un error de indexaci\u00f3n, parte de la clave secreta se trata incorrectamente como datos no secretos. Esto da como resultado que se devuelva un valor secreto compartido incorrecto cuando se llama a la funci\u00f3n de desencapsulaci\u00f3n con un texto cifrado mal formado. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.12.0."
    }
  ],
  "id": "CVE-2024-54137",
  "lastModified": "2025-08-20T19:07:12.157",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-06T16:15:22.637",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

opensuse-su-2024:14580-1

Vulnerability from csaf_opensuse

Published

2024-12-13 00:00

Modified

2024-12-13 00:00

Summary

liboqs-devel-0.12.0-1.1 on GA media

Notes

Title of the patch

liboqs-devel-0.12.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the liboqs-devel-0.12.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14580

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "liboqs-devel-0.12.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the liboqs-devel-0.12.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14580",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14580-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54137 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54137/"
      }
    ],
    "title": "liboqs-devel-0.12.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-12-13T00:00:00Z",
      "generator": {
        "date": "2024-12-13T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14580-1",
      "initial_release_date": "2024-12-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-12-13T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-1.1.aarch64",
                "product": {
                  "name": "liboqs-devel-0.12.0-1.1.aarch64",
                  "product_id": "liboqs-devel-0.12.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs-devel-32bit-0.12.0-1.1.aarch64",
                "product": {
                  "name": "liboqs-devel-32bit-0.12.0-1.1.aarch64",
                  "product_id": "liboqs-devel-32bit-0.12.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-1.1.aarch64",
                "product": {
                  "name": "liboqs7-0.12.0-1.1.aarch64",
                  "product_id": "liboqs7-0.12.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-32bit-0.12.0-1.1.aarch64",
                "product": {
                  "name": "liboqs7-32bit-0.12.0-1.1.aarch64",
                  "product_id": "liboqs7-32bit-0.12.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-1.1.ppc64le",
                "product": {
                  "name": "liboqs-devel-0.12.0-1.1.ppc64le",
                  "product_id": "liboqs-devel-0.12.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs-devel-32bit-0.12.0-1.1.ppc64le",
                "product": {
                  "name": "liboqs-devel-32bit-0.12.0-1.1.ppc64le",
                  "product_id": "liboqs-devel-32bit-0.12.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-1.1.ppc64le",
                "product": {
                  "name": "liboqs7-0.12.0-1.1.ppc64le",
                  "product_id": "liboqs7-0.12.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-32bit-0.12.0-1.1.ppc64le",
                "product": {
                  "name": "liboqs7-32bit-0.12.0-1.1.ppc64le",
                  "product_id": "liboqs7-32bit-0.12.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-1.1.s390x",
                "product": {
                  "name": "liboqs-devel-0.12.0-1.1.s390x",
                  "product_id": "liboqs-devel-0.12.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs-devel-32bit-0.12.0-1.1.s390x",
                "product": {
                  "name": "liboqs-devel-32bit-0.12.0-1.1.s390x",
                  "product_id": "liboqs-devel-32bit-0.12.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-1.1.s390x",
                "product": {
                  "name": "liboqs7-0.12.0-1.1.s390x",
                  "product_id": "liboqs7-0.12.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-32bit-0.12.0-1.1.s390x",
                "product": {
                  "name": "liboqs7-32bit-0.12.0-1.1.s390x",
                  "product_id": "liboqs7-32bit-0.12.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liboqs-devel-0.12.0-1.1.x86_64",
                "product": {
                  "name": "liboqs-devel-0.12.0-1.1.x86_64",
                  "product_id": "liboqs-devel-0.12.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs-devel-32bit-0.12.0-1.1.x86_64",
                "product": {
                  "name": "liboqs-devel-32bit-0.12.0-1.1.x86_64",
                  "product_id": "liboqs-devel-32bit-0.12.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-0.12.0-1.1.x86_64",
                "product": {
                  "name": "liboqs7-0.12.0-1.1.x86_64",
                  "product_id": "liboqs7-0.12.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liboqs7-32bit-0.12.0-1.1.x86_64",
                "product": {
                  "name": "liboqs7-32bit-0.12.0-1.1.x86_64",
                  "product_id": "liboqs7-32bit-0.12.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.aarch64"
        },
        "product_reference": "liboqs-devel-0.12.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.ppc64le"
        },
        "product_reference": "liboqs-devel-0.12.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.s390x"
        },
        "product_reference": "liboqs-devel-0.12.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-0.12.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.x86_64"
        },
        "product_reference": "liboqs-devel-0.12.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-32bit-0.12.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.aarch64"
        },
        "product_reference": "liboqs-devel-32bit-0.12.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-32bit-0.12.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.ppc64le"
        },
        "product_reference": "liboqs-devel-32bit-0.12.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-32bit-0.12.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.s390x"
        },
        "product_reference": "liboqs-devel-32bit-0.12.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs-devel-32bit-0.12.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.x86_64"
        },
        "product_reference": "liboqs-devel-32bit-0.12.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.aarch64"
        },
        "product_reference": "liboqs7-0.12.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.ppc64le"
        },
        "product_reference": "liboqs7-0.12.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.s390x"
        },
        "product_reference": "liboqs7-0.12.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-0.12.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.x86_64"
        },
        "product_reference": "liboqs7-0.12.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-32bit-0.12.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.aarch64"
        },
        "product_reference": "liboqs7-32bit-0.12.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-32bit-0.12.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.ppc64le"
        },
        "product_reference": "liboqs7-32bit-0.12.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-32bit-0.12.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.s390x"
        },
        "product_reference": "liboqs7-32bit-0.12.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liboqs7-32bit-0.12.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.x86_64"
        },
        "product_reference": "liboqs7-32bit-0.12.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-54137",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54137"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.aarch64",
          "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.ppc64le",
          "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.s390x",
          "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.x86_64",
          "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.aarch64",
          "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.ppc64le",
          "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.s390x",
          "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.x86_64",
          "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.aarch64",
          "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.ppc64le",
          "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.s390x",
          "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.x86_64",
          "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.aarch64",
          "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.ppc64le",
          "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.s390x",
          "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54137",
          "url": "https://www.suse.com/security/cve/CVE-2024-54137"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234292 for CVE-2024-54137",
          "url": "https://bugzilla.suse.com/1234292"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs-devel-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs-devel-32bit-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs7-0.12.0-1.1.x86_64",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.aarch64",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.ppc64le",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.s390x",
            "openSUSE Tumbleweed:liboqs7-32bit-0.12.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-12-13T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-54137"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-54137 (GCVE-0-2024-54137)

Vulnerability from cvelistv5

suse-su-2025:0005-1

Vulnerability from csaf_suse

fkie_cve-2024-54137

Vulnerability from fkie_nvd

opensuse-su-2024:14580-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature