41 matches found

vulnersOsv
added 2026/02/11 12:00 p.m. | 0 views

openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)

hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2026-0070...

AI score 5.8
Exploits: 0
Fedora
added 2026/02/11 1:00 a.m. | 2 views

[SECURITY] Fedora 42 Update: rust-crypto-auditing-client-0.2.3-5.fc42

Event broker client for crypto-auditing project...

CVSS 7.5 | AI score 5.4 | EPSS 0.0004
Exploits: 1
Fedora
added 2026/02/10 1:34 a.m. | 3 views

[SECURITY] Fedora 43 Update: rust-crypto-auditing-event-broker-0.2.4-2.fc43

Event broker for crypto-auditing project...

CVSS 7.5 | AI score 5.4 | EPSS 0.0004
Exploits: 1
Fedora
added 2026/02/10 1:34 a.m. | 2 views

[SECURITY] Fedora 43 Update: rust-crypto-auditing-log-parser-0.2.4-2.fc43

Event log parser for crypto-auditing project...

CVSS 7.5 | AI score 5.5 | EPSS 0.0004
Exploits: 1
vulnersOsv
added 2026/02/05 12:00 p.m. | 1 view

openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)

hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2026-0071...

AI score 5.8
Exploits: 0
vulnersOsv
added 2026/02/04 12:00 p.m. | 1 view

hpke-rs (>=0.1.0-pre.1 <=0.1.0-pre.2), openmls (>=0.4.0-pre.1 <=0.4.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs-rust-crypto (=0.1.1)

hpke-rs-rust-crypto CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs-rust-crypto and may be impacted: hpke-rs =0.1.0-pre.1, =0.4.0-pre.1, =0.1.0, =0.3.0, =0.9.0. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2026-00...

AI score 5.8
Exploits: 0
Packet Storm News
added 2026/02/01 12:00 a.m. | 3 views

Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability

Security of Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...

AI score 5.4
Exploits: 0
RedhatCVE
added 2026/01/29 3:26 a.m. | 4 views

CVE-2026-24850

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

CVSS 5.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1
Github Security Blog
added 2026/01/28 4:44 p.m. | 6 views

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

Affected Crate: ml-dsa; Affected Versions: v0.1.0-rc.2 and commits since b01c3b7; Severity: Medium; Reporter: Oren Yomtov Fireblocks. Summary: The ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicate hint indices. According ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 13 | Affected Software: 1
CVE
added 2026/01/28 12:24 a.m. | 8 views

CVE-2026-24850

The CVE-2026-24850 issue affects the RustCrypto ml-dsa crate. A regression in the signature verification path allowed repeated hint indices by using a non-strict monotonic check (<=) instead of a strict

CVSS 5.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 11
CVE
added 2026/01/15 7:13 p.m. | 10 views

CVE-2026-23519

The CVE-2026-23519 entry describes RustCrypto CMOV, which provides conditional move CPU intrinsics. The vulnerability concerns the thumbv6m-none-eabi target (Cortex-M0, M0+, M1) where the compiler emitted non-constant-time assembly for cmovnz prior to version 0.4.4. The issue affects how conditio...

CVSS 9.8 | AI score 6.7 | EPSS 0.00036
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/01/15 7:13 p.m. | 1 view

CVE-2026-23519

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz...

CVSS 9.8 | AI score 5.6 | EPSS 0.00036
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/01/15 6:17 p.m. | 6 views

RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`

Summary: thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz portable version. I did not find any other target with the same behaviour but I did not go through all targets supported by Rust. Details: It seems that, during mask computation, an LLVM...

CVSS 9.8 | AI score 6.9 | EPSS 0.00036
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2026/01/15 12:00 a.m. | 1 view

RustCrypto security vulnerabilities

RustCrypto is an open-source authentication encryption algorithm with associated data algorithms developed by RustCrypto. Versions of RustCrypto prior to 0.4.4 contained security vulnerabilities, which were caused by the compiler generating non-constant-time assembly code...

CVSS 9.8 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 2
CVE
added 2026/01/10 5:17 a.m. | 10 views

CVE-2026-22699

RustCrypto: Elliptic Curves (RustCrypto SM2 PKE) suffers a denial-of-service vulnerability in the decryption path when an invalid EC point is decoded. Affected versions are 0.14.0-pre.0 and 0.14.0-rc.0; AffinePoint::from_encoded_point(&encoded_c1) may yield None, but the code unwraps it, causing ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00186
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/01/10 5:17 a.m. | 1 view

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7 | AI score 6.6 | EPSS 0.00051
Exploits: 1 | References: 8
Cvelist
added 2026/01/10 5:17 a.m. | 20 views

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7 | EPSS 0.00051
Exploits: 1 | References: 6
OpenVAS
added 2025/10/28 12:00 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-b6f15a721e)

The remote host is missing an update for the...

CVSS 2.3 | AI score 6.8 | EPSS 0.00112
Exploits: 0 | References: 3
Fedora
added 2025/09/12 7:33 p.m. | 3 views

[SECURITY] Fedora 43 Update: rust-crypto-auditing-agent-0.2.3-5.fc43

Event collector agent for crypto-auditing project...

CVSS 2.3 | AI score 7 | EPSS 0.00112
Exploits: 0
Fedora
added 2025/09/12 7:33 p.m. | 3 views

[SECURITY] Fedora 43 Update: rust-crypto-auditing-event-broker-0.2.3-5.fc43

Event broker for crypto-auditing project...

CVSS 2.3 | AI score 7 | EPSS 0.00112
Exploits: 0