3 matches found
CVE-2026-22698
CVE-2026-22698 affects the RustCrypto Elliptic Curves library (SM2 PKE) in versions 0.14.0-pre.0 through 0.14.0-rc.0. The root cause is a unit-mismatch in the nonce generation path: the code computes the nonce length as a 32-bit value but feeds it as a bit-length to the RNG, producing a 32-bit en...
CVE-2026-22699
RustCrypto: Elliptic Curves (RustCrypto SM2 PKE) suffers a denial-of-service vulnerability in the decryption path when an invalid EC point is decoded. Affected versions are 0.14.0-pre.0 and 0.14.0-rc.0; AffinePoint::from_encoded_point(&encoded_c1) may yield None, but the code unwraps it, causing ...
CVE-2026-22700
CVE-2026-22700 affects RustCrypto: Elliptic Curves SM2 PKE decrypt paths (DecryptingKey::decrypt, decrypt_digest, decrypt_der) in versions 0.14.0-pre.0 and 0.14.0-rc.0. The vulnerability arises from unchecked slice::split_at on input buffers derived from untrusted ciphertext, enabling bounds-chec...