By vendor
Openquantumsafe vulnerabilities
Known CVEs affecting Openquantumsafe products, prioritized by severity, with SEC.co remediation and detection guidance.
2 published vulnerabilities
- CVE-2026-44518MEDIUM 5.3
liboqs, an open-source cryptographic library implementing post-quantum algorithms, contains an out-of-bounds read flaw in its XMSS and XMSS^MT signature verification routines. When a verification function receives a signature buffer shorter than expected, the code reads beyond the buffer boundary without length validation. While the out-of-bounds bytes are only used internally for hashing and cannot leak sensitive data, the read can crash the verifying process if it accesses unmapped memory, creating a denial-of-service risk. The issue is resolved in version 0.16.0.
- CVE-2026-46344MEDIUM 5.3
liboqs, an open-source cryptographic library implementing post-quantum algorithms, contains a flaw in its XMSS and XMSS^MT signature verification code. When verifying a signature, the code re-parses algorithm metadata from the public key and uses that metadata to determine how many bytes to read from the signature buffer. An attacker can craft a mismatched public key whose metadata claims a larger signature format than the buffer actually contains, causing an out-of-bounds read. While the read data is only used internally for hashing and cannot be stolen, it can crash the verification process if it reaches unmapped memory.