blob: 9b1901e4d6490be5f128172c4c30c20a6cabb8c0 [file] [log] [blame]
id: GO-2024-2453
modules:
- module: github.com/cloudflare/circl
versions:
- fixed: 1.3.7
vulnerable_at: 1.3.6
packages:
- package: github.com/cloudflare/circl/pke/kyber/internal/common
symbols:
- Poly.CompressTo
summary: Timing side channel in github.com/cloudflare/circl
ghsas:
- GHSA-9763-4f94-gfch
references:
- advisory: https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch
- fix: https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d
- web: https://kyberslash.cr.yp.to/
review_status: REVIEWED