Miggo Logo
Miggo Vulnerability Database
GHSA-h864-m8vm-3xvj

GHSA-h864-m8vm-3xvj: oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-h864-m8vm-3xvj
EPSS Score
-
CWE
-
Published
8/18/2022
Updated
1/7/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
oqsrust< 0.7.20.7.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability specifically affects all Rainbow Level I parametersets (RainbowI* variants) as stated in the advisory. These algorithm variants implement the broken parameters that allow practical key recovery. The file path is inferred from standard Rust crate structure where signature algorithms would be defined in sig.rs. Confidence is high because the advisory explicitly names these variants as insecure and they were removed in the patched version.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W*r* **ull*ns *oun* * pr**ti**l k*y-r**ov*ry *tt**k ***inst R*in*ow. T** l*v*l I p*r*m*t*rs*ts *r* r*mov** *rom li*oqs st*rtin* *rom v*rsion `*.*.*`. *in* t** s*i*nti*i* **t*ils in [*r**kin* R*in*ow T*k*s * W**k*n* on * L*ptop](*ttps://*print.i**r.or

Reasoning

T** vuln*r**ility sp**i*i**lly *****ts *ll R*in*ow L*v*l I p*r*m*t*rs*ts (R*in*owI* v*ri*nts) *s st*t** in t** **visory. T**s* *l*orit*m v*ri*nts impl*m*nt t** *rok*n p*r*m*t*rs t**t *llow pr**ti**l k*y r**ov*ry. T** *il* p*t* is in**rr** *rom st*n**