cve/2024/CVE-2024-37305.md

### [CVE-2024-37305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37305)
![](https://img.shields.io/static/v1?label=Product&message=oqs-provider&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.6.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-130%3A%20Improper%20Handling%20of%20Length%20Parameter%20Inconsistency&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-680%3A%20Integer%20Overflow%20to%20Buffer%20Overflow&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-805%3A%20Buffer%20Access%20with%20Incorrect%20Length%20Value&color=brighgreen)

### Description

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/chnzzh/OpenSSL-CVE-lib
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`### [CVE-2024-37305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37305)`
			`![](https://img.shields.io/static/v1?label=Product&message=oqs-provider&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.6.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-130%3A%20Improper%20Handling%20of%20Length%20Parameter%20Inconsistency&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-680%3A%20Integer%20Overflow%20to%20Buffer%20Overflow&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-805%3A%20Buffer%20Access%20with%20Incorrect%20Length%20Value&color=brighgreen)`

			`### Description`

			oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/chnzzh/OpenSSL-CVE-lib`