13 matches found
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
SUSE CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614
CVE-2026-32614 concerns the Go ShangMi (GMSM) library’s SM9 decryption, where the ciphertext can be forged if the point C1 is the point at infinity. The root cause is that during decryption, C1 is deserialized and checked for curve membership, but the code does not reject the point at infinity, a...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
GO-2026-4694 SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm
SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm...
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
EUVD-2026-12101
SM9 Infinity-Point Ciphertext Forgery Vulnerability...
PT-2026-25376
Name of the Vulnerable Software and Affected Versions Go ShangMi Commercial Cryptography Library GMSM versions prior to 0.41.1 Description The Go ShangMi Commercial Cryptography Library GMSM contains a cryptographic vulnerability in the SM9 decryption implementation. The issue stems from a failur...