Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffer shorter than the expected signature size for the given parameter set, the implementation does not validate the caller-supplied length and proceeds to read past the end of the buffer. The out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.
Published: 2026-05-29
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability involves an out‑of‑bounds read in the XMSS and XMSS^MT signature verification code of liboqs. If a caller supplies a signature buffer that is shorter than the expected size for the chosen parameter set, the function does not check the length and reads beyond the buffer. The leaked bytes are only used as input to an internal hash, so they cannot be retrieved by an attacker. The primary observable effect is a potential crash of the verifying process if the read crosses into unmapped memory, resulting in a denial‑of‑service condition.

Affected Systems

The issue affects the open‑quantum‑safe liboqs library for any version earlier than 0.16.0. Applications that link against these older releases are susceptible.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the vulnerability is not listed in the CISA KEV catalogue. The EPSS score of <1% indicates the probability of exploitation is very low. Because the exploit requires an attacker to supply malformed signature data to the verification routine, the risk is primarily local or remote depending on whether the library is exposed through an application. There is no known exploitation that leads to information disclosure or code execution; the immediate risk is a disabling denial‑of‑service of the verifying process. Updating to 0.16.0 removes the flaw, and until then protective coding practices such as validating signature lengths can mitigate the risk.

Generated by OpenCVE AI on June 2, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade liboqs to version 0.16.0 or later to eliminate the vulnerability.
  • Rebuild all dependent applications so they link against the updated library.
  • Perform integration testing by feeding short or malformed signatures to the verification functions to ensure that the application no longer crashes, and monitor logs for any remaining crash incidents.

Generated by OpenCVE AI on June 2, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Openquantumsafe
Openquantumsafe liboqs
CPEs cpe:2.3:a:openquantumsafe:liboqs:*:*:*:*:*:*:*:*
Vendors & Products Openquantumsafe
Openquantumsafe liboqs

Tue, 02 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 29 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Open Quantum Safe
Open Quantum Safe liboqs
Vendors & Products Open Quantum Safe
Open Quantum Safe liboqs

Fri, 29 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffer shorter than the expected signature size for the given parameter set, the implementation does not validate the caller-supplied length and proceeds to read past the end of the buffer. The out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.
Title liboqs: XMSS Buffer Overread Bug
Weaknesses CWE-125
CWE-20
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Open Quantum Safe Liboqs
Openquantumsafe Liboqs
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T18:41:01.927Z

Reserved: 2026-05-06T18:28:20.888Z

Link: CVE-2026-44518

cve-icon Vulnrichment

Updated: 2026-05-29T18:40:43.814Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-29T19:16:24.263

Modified: 2026-06-04T18:36:05.240

Link: CVE-2026-44518

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-29T18:07:07Z

Links: CVE-2026-44518 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T14:00:10Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-1284

    Improper Validation of Specified Quantity in Input

  • CWE-20

    Improper Input Validation