61 matches found
CVE-2026-22705
CVE-2026-22705 — RustCrypto: Signatures (ML-DSA) exhibits a timing side-channel in the Decompose algorithm used during signing. The vulnerability arises from variable-time division of r1 by TwoGamma2::U32 on secret-derived data, leaking information about the signing key through timing variations....
CVE-2026-22705 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature...
CVE-2026-22705 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature...
CVE-2026-22700
CVE-2026-22700 affects RustCrypto: Elliptic Curves SM2 PKE decrypt paths (DecryptingKey::decrypt, decrypt_digest, decrypt_der) in versions 0.14.0-pre.0 and 0.14.0-rc.0. The vulnerability arises from unchecked slice::split_at on input buffers derived from untrusted ciphertext, enabling bounds-chec...
CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
EUVD-2026-1875
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...
CVE-2026-22698
CVE-2026-22698 affects the RustCrypto Elliptic Curves library (SM2 PKE) in versions 0.14.0-pre.0 through 0.14.0-rc.0. The root cause is a unit-mismatch in the nonce generation path: the code computes the nonce length as a 32-bit value but feeds it as a bit-length to the RNG, producing a 32-bit en...
EUVD-2026-1876
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...
RustCrypto: Elliptic Curves 输入验证错误漏洞
RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. An input validation error vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a failure to check for invalid elliptic curve points in the decryption path...
RustCrypto: Elliptic Curves 安全特征问题漏洞
RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. A security signature issue vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a severe lack of entropy of temporary random numbers in the SM2 public-key...
PT-2026-2250
Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The RustCrypto Elliptic Curves library provides Elliptic Curve Cryptography ECC support. A denial-of-service issue exists in the SM2 public-key encryption implementation where...
RustCrypto: Signatures 安全漏洞
RustCrypto: Signatures is a cryptographic signature algorithm open-sourced by Rust Crypto. A security vulnerability exists in RustCrypto: Signatures versions prior to 0.1.0-rc.2, which stems from the presence of timing side channels in the Decompose algorithm used during ML-DSA signing...
PT-2026-2249
Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The RustCrypto Elliptic Curves library provides general purpose Elliptic Curve Cryptography ECC support. A denial-of-service issue exists in the SM2 PKE decryption path where an...
RustCrypto: Elliptic Curves 输入验证错误漏洞
RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. An input validation error vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from an unchecked slice-and-dice operation performed on an input buffer...
PT-2026-2248
Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The Elliptic Curves library within RustCrypto, a general-purpose Elliptic Curve Cryptography ECC implementation, contains a flaw in its SM2 Public Key Encryption PKE...
PT-2026-2255
Name of the Vulnerable Software and Affected Versions RustCrypto Signatures versions prior to 0.1.0-rc.2 Description RustCrypto Signatures provides support for digital signatures, which authenticate data using public-key cryptography. A timing side-channel was identified in the Decompose algorith...