{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37305", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-05T20:10:46.497Z", "datePublished": "2024-06-17T19:42:22.091Z", "dateUpdated": "2024-08-02T03:50:56.102Z"}, "containers": {"cna": {"title": "Buffer overflow in deserialization in oqs-provider ", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-130", "lang": "en", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-680", "lang": "en", "description": "CWE-680: Integer Overflow to Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-805", "lang": "en", "description": "CWE-805: Buffer Access with Incorrect Length Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}, {"name": "https://github.com/open-quantum-safe/oqs-provider/pull/416", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}], "affected": [{"vendor": "open-quantum-safe", "product": "oqs-provider", "versions": [{"version": "< 0.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-17T19:42:22.091Z"}, "descriptions": [{"lang": "en", "value": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue."}], "source": {"advisory": "GHSA-pqvr-5cr8-v6fx", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "open_quantum_safe", "product": "oqs_provider", "cpes": ["cpe:2.3:a:open_quantum_safe:oqs_provider:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.6.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T13:31:38.141442Z", "id": "CVE-2024-37305", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T13:42:29.675Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:56.102Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}, {"name": "https://github.com/open-quantum-safe/oqs-provider/pull/416", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-18T13:31:38.141442Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:open_quantum_safe:oqs_provider:*:*:*:*:*:*:*:*"], "vendor": "open_quantum_safe", "product": "oqs_provider", "versions": [{"status": "affected", "version": "0", "lessThan": "0.6.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T13:35:00.955Z"}}], "cna": {"title": "Buffer overflow in deserialization in oqs-provider ", "source": {"advisory": "GHSA-pqvr-5cr8-v6fx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-quantum-safe", "product": "oqs-provider", "versions": [{"status": "affected", "version": "< 0.6.1"}]}], "references": [{"url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx", "name": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/open-quantum-safe/oqs-provider/pull/416", "name": "https://github.com/open-quantum-safe/oqs-provider/pull/416", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-130", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-805", "description": "CWE-805: Buffer Access with Incorrect Length Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-17T19:42:22.091Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37305", "state": "PUBLISHED", "dateUpdated": "2024-06-18T13:42:29.675Z", "dateReserved": "2024-06-05T20:10:46.497Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-17T19:42:22.091Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue."}, {"lang": "es", "value": "oqs-provider es un proveedor de la librer\u00eda de criptograf\u00eda OpenSSL 3 que agrega soporte para criptograf\u00eda poscu\u00e1ntica en TLS, X.509 y S/MIME utilizando algoritmos poscu\u00e1nticos de liboqs. Se han identificado fallas en la forma en que oqs-provider maneja las longitudes decodificadas con DECODE_UINT32 al inicio de firmas y claves h\u00edbridas serializadas (tradicionales + poscu\u00e1nticas). Los valores de longitud no verificados se utilizan posteriormente para lecturas y escrituras de memoria; La entrada mal formada puede provocar fallas o fugas de informaci\u00f3n. El manejo de la operaci\u00f3n de clave PQ simple/no h\u00edbrida no se ve afectado. Este problema se solucion\u00f3 en la versi\u00f3n 0.6.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds para este problema."}], "id": "CVE-2024-37305", "lastModified": "2024-11-21T09:23:34.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-17T20:15:12.880", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}, {"source": "security-advisories@github.com", "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-130"}, {"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-680"}, {"lang": "en", "value": "CWE-805"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "oqs-provider: buffer overflow in deserialization", "id": "2292772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292772"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "(CWE-120|CWE-130|CWE-190|CWE-680|CWE-805)", "details": ["oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.", "A flaw was found in oqs-provider, which is an OpenSSL 3 provider that contains post-quantum algorithms. The issue occurs from the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. As a result, malformed input could potentially cause crashes or leak information."], "mitigation": {"lang": "en:us", "value": "It is recommended to update to the latest stable version to address this vulnerability."}, "name": "CVE-2024-37305", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "oqsprovider", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2024-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37305\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37305"], "statement": "This vulnerability is rated as IMPORTANT because of the flaw involves improper handling of lengths decoded with DECODE_UINT32 for hybrid keys and signatures, leading to unchecked memory reads and writes. This can cause crashes or leak sensitive information, posing a significant risk as it can be exploited remotely without any user interaction or privileges", "threat_severity": "Important"}