Vulnerability Description
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pqclean Project | Pqclean | - |
Related Weaknesses (CWE)
References
- https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-202Third Party AdvisoryUS Government Resource
- https://eprint.iacr.org/2023/050Third Party Advisory
- https://github.com/PQClean/PQClean/tree/d03da3053491e767ef842deaef43fc5bdb6bc911Third Party Advisory
- https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-202Third Party AdvisoryUS Government Resource
- https://eprint.iacr.org/2023/050Third Party Advisory
- https://github.com/PQClean/PQClean/tree/d03da3053491e767ef842deaef43fc5bdb6bc911Third Party Advisory
FAQ
What is CVE-2023-24025?
CVE-2023-24025 is a vulnerability with a CVSS score of 7.5 (HIGH). CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermed...
How severe is CVE-2023-24025?
CVE-2023-24025 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24025?
Check the references section above for vendor advisories and patch information. Affected products include: Pqclean Project Pqclean.