/

Directory Security Advisories

Security Advisories

CGA-x42q-p28c-pg95

Published

Last updated

https://images.chainguard.dev/security/CGA-x42q-p28c-pg95

Package

opentofu-1.6

Latest Update

Fixed

Fixed Version

1.6.3-r1

Aliases

GHSA-9763-4f94-gfch

Summary

CIRCL's Kyber: timing side-channel (kyberslash2)

Description

Impact

On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

Patches

Patched in 1.3.7.

References

kyberslash.cr.yp.to

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Product

Chainguard Images

Why Chainguard

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customers

Customer Stories Chainguard Love

Company

About Us Pricing Open Source Careers Newsroom Legal

Resources

Unchained Blog Events Trust Center Documentation