Vulnerability Database

Published: Jan 8, 2024
Updated: Jan 9, 2024
GHSA: <a href="https://github.com/advisories/GHSA-9763-4f94-gfch" target="_blank" rel="noopener"> GHSA-9763-4f94-gfch
Severity: High
Exploit:

309,364

Total vulnerabilities in the database

On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

Patched in 1.3.7.

No technical information available.

No CWE or OWASP classifications available.

Software	From	Fixed in
github.com/cloudflare/circl	-	1.3.7

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.