data/reports/GO-2024-2453.yaml - vulndb - Git at Google

 id: GO-2024-2453
 modules:
     - module: github.com/cloudflare/circl
       versions:
         - fixed: 1.3.7
       vulnerable_at: 1.3.6
       packages:
         - package: github.com/cloudflare/circl/pke/kyber/internal/common
           symbols:
             - Poly.CompressTo
 summary: Timing side channel in github.com/cloudflare/circl
 ghsas:
     - GHSA-9763-4f94-gfch
 references:
     - advisory: https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch
     - fix: https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d
     - web: https://kyberslash.cr.yp.to/
	id: GO-2024-2453
	modules:
	- module: github.com/cloudflare/circl
	versions:
	- fixed: 1.3.7
	vulnerable_at: 1.3.6
	packages:
	- package: github.com/cloudflare/circl/pke/kyber/internal/common
	symbols:
	- Poly.CompressTo
	summary: Timing side channel in github.com/cloudflare/circl
	ghsas:
	- GHSA-9763-4f94-gfch
	references:
	- advisory: https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch
	- fix: https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d
	- web: https://kyberslash.cr.yp.to/