Description
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.
Details
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| circl | — | 1.3.3 |
| github.com/cloudflare/circl | — | — |
References
Similar Threats
- Critical CVE-2026-1229
- Unknown MAL-2025-48486
- Unknown MAL-2025-17051
- Unknown MAL-2025-17052
- Unknown MAL-2024-1984
Free Vulnerability Check
Is your WordPress site affected?
BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.
Scan My Site Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.