8.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-rc4p-p3j9-6577

EPSS Score

CWE

Published

2/22/2024

Updated

3/19/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-rc4p-p3j9-6577

GHSA-rc4p-p3j9-6577: pypqc private key retrieval vulnerability

Impact

kyber512, kyber768, and kyber1024 only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a local attacker.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C

Patches

Version 0.0.6.1 and newer of PyPQC is patched.

Workarounds

No workarounds have been reported. The 0.0.6 -> 0.0.6.1 upgrade should be a drop-in replacement; it has no known breaking changes.

References

Timeline

Cryspen researchers privately reported KyberSlash to the reference implementation maintainers.
Peter Schwabe partially patched KyberSlash (only "KyberSlash 1") in the reference implementation on December 1st, 2023, but did not document or advertise this as a security patch.
https://www.github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220
Daniel J. Bernstein publicly reported KyberSlash as a security issue on December 15th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hWqFJCucuj4/m/-Z-jm_k9AAAJ
Daniel J. Bernstein created a webpage for authoritative reference about KyberSlash on December 19th, 2023.
https://kyberslash.cr.yp.to/
Thom Wiggers acknowledged KyberSlash as a security issue on December 19th, 2023.
https://www.github.com/PQClean/PQClean/issues/533
Prasanna Ravi and Matthias Kannwischer privately reported further details about KyberSlash ("KyberSlash 2") to the reference implementation maintainers.
Peter Schwabe completely patched KyberSlash in the reference implementation on December 29th, 2023. https://www.github.com/pq-crystals/kyber/commit/11d00ff1f20cfca1f72d819e5a45165c1e0a2816
Prasanna Ravi and Matthias Kannwischer publicly reported their findings ("KyberSlash 2") on December 30th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
Daniel J. Bernstein published a proof-of-concept exploit (only validated for a local attacker) for KyberSlash on December 30th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/uIOqRF5BAwAJ
Thom Wiggers completely patched KyberSlash in PQClean on January 25th, 2024.
https://www.github.com/PQClean/PQClean/commit/3b43bc6fe46fe47be38f87af5019a7f1462ae6dd
James E. A. completely patched KyberSlash in pypqc and released a security update on January 26th, 2024.
https://www.github.com/JamesTheAwesomeDude/pypqc/commit/b33fec8cd36e865f8db6215c64b2d01f429a1ed6

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-rc4p-p3j9-6577

GHSA-rc4p-p3j9-6577:

8.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-rc4p-p3j9-6577

EPSS Score

CWE

Published

2/22/2024

Updated

3/19/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pypqc	pip	>= 0.0.4, < 0.0.6.1	0.0.6.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from division operations (KYBER_Q) in polynomial compression/decompression functions that process secret data. The commit diffs show these functions were patched to replace divisions with constant-time arithmetic (e.g., 80635*()>>28 instead of /KYBER_Q). These functions are explicitly called out in KyberSlash1/KyberSlash2 disclosures and CVE analysis. The affected functions handle private key material during decapsulation, making them high-confidence candidates for the vulnerability source.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.2

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-rc4p-p3j9-6577: pypqc private key retrieval vulnerability

Impact

Patches

Workarounds

References

Timeline

GHSA-rc4p-p3j9-6577:

8.2

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

8.2

8.2

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-rc4p-p3j9-6577: pypqc private key retrieval vulnerability

Impact

Patches

Workarounds

References

Timeline

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI