GHSA-753p-wrj5-g8fj
Rust vulnerability analysis and mitigation

Overview

A correctness error has been identified in the reference implementation of the HQC (Hamming Quasi-Cyclic) key encapsulation mechanism. The vulnerability, tracked as GHSA-753p-wrj5-g8fj and CVE-2024-54137, was discovered in December 2024. The issue affects HQC implementations in PQClean and related packages prior to their respective security patches (OQS Advisory, PQClean Advisory).

Technical details

The vulnerability stems from an indexing error in the 2023/04/30 version of the HQC specification and reference implementation. An extra field (sigma) was added to the secret key structure to enable implicit rejection of malformed ciphertexts, but the logic to retrieve the public key from the secret key in the decapsulation function was not updated accordingly. As a result, sigma is treated as part of the public key. Additionally, an incorrectly constructed comparison check allows this error to go undetected (PQClean Advisory).
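The stale-offset mistake described above, reduced to a toy key layout with a round-trip check that detects it. This is an added example, not code from PQClean, liboqs or the HQC reference implementation. The field order (seed, sigma, public key), the sizes, the test vector and all function names are assumptions made for illustration, and the comparison check is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy sizes, constructed for this example (not the real HQC parameters). */
enum { SEED_BYTES = 4, SIGMA_BYTES = 4, PK_BYTES = 8,
       SK_BYTES = SEED_BYTES + SIGMA_BYTES + PK_BYTES };

/* Constructed test vector; each field uses a distinct byte pattern. */
static const uint8_t T_SEED[SEED_BYTES]   = {0x11, 0x11, 0x11, 0x11};
static const uint8_t T_SIGMA[SIGMA_BYTES] = {0x55, 0x55, 0x55, 0x55};
static const uint8_t T_PK[PK_BYTES] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7};

/* Assumed secret key layout after sigma was added: seed || sigma || pk. */
static void sk_pack(uint8_t *sk) {
    memcpy(sk, T_SEED, SEED_BYTES);
    memcpy(sk + SEED_BYTES, T_SIGMA, SIGMA_BYTES);
    memcpy(sk + SEED_BYTES + SIGMA_BYTES, T_PK, PK_BYTES);
}

/* Offset left over from the pre-sigma layout: the "pk" view begins at sigma. */
static const uint8_t *pk_from_sk_stale(const uint8_t *sk) { return sk + SEED_BYTES; }

/* Offset that matches the current layout. */
static const uint8_t *pk_from_sk_fixed(const uint8_t *sk) { return sk + SEED_BYTES + SIGMA_BYTES; }

/* Regression check: the pk recovered from sk must equal the pk that was packed.
   Returns 1 when the accessor agrees with the layout, 0 otherwise. */
static int pk_roundtrip_ok(const uint8_t *(*get_pk)(const uint8_t *)) {
    uint8_t sk[SK_BYTES];
    sk_pack(sk);
    return memcmp(get_pk(sk), T_PK, PK_BYTES) == 0;
}

/* Returns 1 when the stale view begins with the secret sigma bytes. */
static int stale_pk_starts_with_sigma(void) {
    uint8_t sk[SK_BYTES];
    sk_pack(sk);
    return memcmp(pk_from_sk_stale(sk), T_SIGMA, SIGMA_BYTES) == 0;
}

int main(void) {
    printf("stale accessor round-trip ok: %d\n", pk_roundtrip_ok(pk_from_sk_stale));
    printf("fixed accessor round-trip ok: %d\n", pk_roundtrip_ok(pk_from_sk_fixed));
    printf("stale view starts with sigma: %d\n", stale_pk_starts_with_sigma());
    return 0;
}
```

A round-trip check of this kind, run whenever a serialized key layout changes, fails as soon as an accessor and the packing routine disagree about offsets.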

Impact

Due to the interaction of these two bugs, the decapsulation function never uses sigma to perform implicit rejection as intended. Instead, it accepts malformed ciphertexts and returns shared secrets based on their decryptions. While no concrete attack exploiting this error has been identified, the mishandling of secret key data presents a potential security vulnerability (OQS Advisory).

Mitigation and workarounds

The issue has been patched in various implementations. PQClean users should update to include the fixes proposed in PR #578. For the Rust implementation, pqcrypto-hqc has been updated to version 0.2.1. LibOQS users should update to version 0.12.0 or higher (PQClean PR, Rust Fix).

This report was generated using AI.