pypqc@0.0.6.1 vulnerabilities

Python bindings for the "PQClean" post-quantum cryptography library.

Direct Vulnerabilities

Known vulnerabilities in the pypqc package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Observable Timing Discrepancy

pypqc is a Python bindings for the "PQClean" post-quantum cryptography library.

Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the decapsulation process. An attacker that is able to submit many decapsulation requests against a single private key and to gain timing information about the decapsulation, could recover the private key.

Notes:

  1. This is only exploitable for kyber512, kyber768 and kyber1024 on Mac OS or when compiled with clang.

  2. The 0.0.7 -> 0.0.7.1 upgrade, when available, should be a drop-in replacement.

How to fix Observable Timing Discrepancy?

There is no fixed version for pypqc.

[0.0.6,)