CVE-2024-31510

Published: 24 May 2024

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.

Priority

Status

Package	Release	Status
liboqs Launchpad, Ubuntu, Debian	focal	Does not exist
	jammy	Does not exist
	mantic	Does not exist
	noble	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

References

https://www.cve.org/CVERecord?id=CVE-2024-31510
https://github.com/liang-junkai/Fault-injection-of-ML-DSA
https://github.com/open-quantum-safe/liboqs
https://gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072118

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›