Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-29T18:07:07 liboqs: liboqs: Denial of Service due to out-of-bounds read in XMSS/XMSS^MT signature verification 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CWE-1284

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffer shorter than the expected signature size for the given parameter set, the implementation does not validate the caller-supplied length and proceeds to read past the end of the buffer. The out-of-bounds bytes are consumed only as input to an internal hash computation and are not returned to the caller, so no oracle exists to leak their contents to an attacker. The primary observable effect is a possible crash (denial of service) of the verifying process if the read crosses into an unmapped memory page. This vulnerability is fixed in 0.16.0.

A flaw was found in liboqs, a C-language cryptographic library. An out-of-bounds read vulnerability exists in the XMSS and XMSS^MT stateful signature verification code. A remote attacker could exploit this by providing a malformed signature that is shorter than expected. This could lead to a denial of service (DoS) if the verifying process attempts to read beyond allocated memory, potentially causing a crash.

This is a Moderate denial of service vulnerability in liboqs, a cryptographic library used in Red Hat products. A remote attacker can trigger an out-of-bounds read during XMSS or XMSS^MT signature verification by supplying a malformed, undersized signature. This can lead to a crash of the verifying process, resulting in a denial of service. Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Enterprise Linux 10 Fix deferred liboqs https://www.cve.org/CVERecord?id=CVE-2026-44518 https://nvd.nist.gov/vuln/detail/CVE-2026-44518 https://github.com/open-quantum-safe/liboqs/commit/ef70dea7c85e5637f37828d75e5b9bb29dbfe513 https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-wf7v-fhxj-73m2