CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

NVD•added 2026/01/10 6:15 a.m.•4 views

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

8.7CVSS0.00051EPSS

Exploits1References6

CVE•added 2026/01/10 5:17 a.m.•9 views

CVE-2026-22698

CVE-2026-22698 affects the RustCrypto Elliptic Curves library (SM2 PKE) in versions 0.14.0-pre.0 through 0.14.0-rc.0. The root cause is a unit-mismatch in the nonce generation path: the code computes the nonce length as a 32-bit value but feeds it as a bit-length to the RNG, producing a 32-bit en...

8.7CVSS6.5AI score0.00051EPSS

Exploits1References6Affected Software1

Cvelist•added 2026/01/10 5:17 a.m.•20 views

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

8.7CVSS0.00051EPSS

Exploits1References6

EUVD•added 2026/01/10 5:17 a.m.•2 views

EUVD-2026-1876

8.7CVSS6.3AI score0.00051EPSS

Exploits1References6

OSV•added 2026/01/09 10:27 p.m.•1 views

GHSA-W3G8-FP6J-WVQW SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary A critical vulnerability exists in the SM2 Public Key Encryption PKE implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

8.7CVSS6.5AI score0.00051EPSS

Exploits1References8