CRITICAL🇵🇱 Wersja polska

CVE-2024-31510

CVSS 9.8v3.1pub. 2024-05-24upd. 2025-08-20

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.

🤖 AI Analysis
How it works

The vulnerability affects the pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component responsible for generating digital signatures compliant with the ML-DSA (CRYSTALS-Dilithium) standard. An attacker can manipulate the crypto_sign_signature parameter, which — according to related CWE — indicates the use of weak or attack-vulnerable cryptographic algorithm (CWE-327) and insufficient signature verification (CWE-1319). References point to an attack technique involving fault injection in ML-DSA implementation, which allows bypassing signature verification mechanisms.

Impact

Successful attack enables remote attacker to escalate privileges, which may lead to complete breach of confidentiality, integrity, and availability of protected resources.

Mitigation & patch

Apply patches available from the vendor according to references. It is recommended to monitor the project repository (https://github.com/open-quantum-safe/liboqs) for information about available updates and verify that the used version of liboqs library has been updated to a version that eliminates the described vulnerability.

Who is affected

Open Quantum Safe liboqs version 10.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openquantumsafe Liboqs

    APP
    Openquantumsafe
    0.10.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-54137HIGH7.4ten sam produkt

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algori...

CVE-2026-44518MEDIUM5.3ten sam produkt

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algori...

CVE-2026-46344MEDIUM5.3ten sam produkt

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algori...

CVE-2025-52473MEDIUM5.9ten sam produkt

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algori...

CVE-2024-36405MEDIUM5.9ten sam produkt

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algori...