CVE-2024-31510 — CRITICAL (9.8)

Vulnerability Description

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openquantumsafe	Liboqs	0.10.0

Related Weaknesses (CWE)

CWE-1319 CWE-327

References

https://gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703Third Party Advisory
https://github.com/liang-junkai/Fault-injection-of-ML-DSAExploitMitigation
https://github.com/open-quantum-safe/liboqsProduct
https://gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703Third Party Advisory
https://github.com/liang-junkai/Fault-injection-of-ML-DSAExploitMitigation
https://github.com/open-quantum-safe/liboqsProduct

FAQ

What is CVE-2024-31510?

CVE-2024-31510 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c comp...

How severe is CVE-2024-31510?

CVE-2024-31510 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-31510?

Check the references section above for vendor advisories and patch information. Affected products include: Openquantumsafe Liboqs.