{"url":"http://public2.vulnerablecode.io/api/packages/514786?format=json","purl":"pkg:cargo/libcrux-psq@0.0.6","type":"cargo","namespace":"","name":"libcrux-psq","version":"0.0.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.0.7","latest_non_vulnerable_version":"0.0.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90572?format=json","vulnerability_id":"VCID-v1fj-xeep-sudq","summary":"Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`\nIn accordance with our [security policy for `libcrux`](https://github.com/cryspen/libcrux/blob/main/SECURITY.md), we publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the `libcrux-ecdh`, `libcrux-ed25519` and `libcrux-psq` crates contain the following bug-fixes:\n\n## `libcrux-ecdh`\n\n- [#1301](https://github.com/cryspen/libcrux/pull/1301): Check length and clamping in X25519 secret validation. This is a breaking change since errors are now raised on unclamped X25519 secrets or inputs of the wrong length\n\n## `libcrux-ed25519`\n\n- [#1320](https://github.com/cryspen/libcrux/pull/1320): Remove duplicated clamping step during key generation\n\nThe issue fixed in #1320 was first reported by Nadim Kobeissi.\n## `libcrux-psq`\n\n- [#1319](https://github.com/cryspen/libcrux/pull/1319): Propagate AEADError instead of panicking\n- [#1301](https://github.com/cryspen/libcrux/pull/1301): Fix broken clamping check for imported X25519 secret keys\n\nThe issue fixed in #1319 was first reported by Nadim Kobeissi.","references":[{"reference_url":"https://github.com/cryspen/libcrux","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux"},{"reference_url":"https://github.com/cryspen/libcrux/commit/4d6f5d3c2542b6179a6474dec8cfb8b8ddf31a84","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/commit/4d6f5d3c2542b6179a6474dec8cfb8b8ddf31a84"},{"reference_url":"https://github.com/cryspen/libcrux/commit/a09022c5811ca7fd1c6d9a239ff294d64ee86734","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/commit/a09022c5811ca7fd1c6d9a239ff294d64ee86734"},{"reference_url":"https://github.com/cryspen/libcrux/commit/f303b6446c19fe9a7c993f61e426023609cd5fac","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/commit/f303b6446c19fe9a7c993f61e426023609cd5fac"},{"reference_url":"https://github.com/cryspen/libcrux/pull/1301","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/pull/1301"},{"reference_url":"https://github.com/cryspen/libcrux/pull/1319","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/pull/1319"},{"reference_url":"https://github.com/cryspen/libcrux/pull/1320","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/pull/1320"},{"reference_url":"https://github.com/cryspen/libcrux/security/advisories/GHSA-435g-fcv3-8j26","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryspen/libcrux/security/advisories/GHSA-435g-fcv3-8j26"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0023.html","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0023.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0024.html","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0024.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0025.html","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0025.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0026.html","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0026.html"},{"reference_url":"https://github.com/advisories/GHSA-435g-fcv3-8j26","reference_id":"GHSA-435g-fcv3-8j26","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-435g-fcv3-8j26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/514787?format=json","purl":"pkg:cargo/libcrux-psq@0.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/libcrux-psq@0.0.7"}],"aliases":["GHSA-435g-fcv3-8j26"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1fj-xeep-sudq"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/libcrux-psq@0.0.6"}