Filtered by vendor Pq-crystals
Subscriptions
Filtered by product Kyber
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37880 | 1 Pq-crystals | 1 Kyber | 2024-11-21 | 7.5 High |
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch. |
Page 1 of 1.