FKIE_CVE-2026-22699

Vulnerability from fkie_nvd - Published: 2026-01-10 06:15 - Updated: 2026-01-22 14:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be.
References
security-advisories@github.comhttps://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcabPatch
security-advisories@github.comhttps://github.com/RustCrypto/elliptic-curves/pull/1602Issue Tracking, Patch
security-advisories@github.comhttps://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6Exploit, Vendor Advisory
Impacted products
Vendor Product Version
rustcrypto sm2_elliptic_curve 0.14.0
rustcrypto sm2_elliptic_curve 0.14.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*",
              "matchCriteriaId": "5F5BCFE9-1585-4A90-857F-7F9E1B9C9ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*",
              "matchCriteriaId": "B584C50F-8ED4-45F4-8799-7CCFE8D4DF66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(\u0026encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be."
    },
    {
      "lang": "es",
      "value": "RustCrypto: Curvas El\u00edpticas es soporte de Criptograf\u00eda de Curva El\u00edptica (ECC) de prop\u00f3sito general, incluyendo tipos y rasgos para representar varias formas de curvas el\u00edpticas, escalares, puntos y claves p\u00fablicas/secretas compuestas de ellos. En las versiones 0.14.0-pre.0 y 0.14.0-rc.0, existe una vulnerabilidad de denegaci\u00f3n de servicio en la ruta de descifrado SM2 PKE donde un punto de curva el\u00edptica (C1) inv\u00e1lido es decodificado y el valor resultante es desempaquetado sin verificaci\u00f3n. Espec\u00edficamente, AffinePoint::from_encoded_point(\u0026amp;encoded_c1) puede devolver un None/CtOption::None cuando las coordenadas proporcionadas son sint\u00e1cticamente v\u00e1lidas pero no se encuentran en la curva SM2. El c\u00f3digo llamador usaba previamente .unwrap(), causando un p\u00e1nico cuando se le presentaba dicha entrada. Este problema ha sido parcheado a trav\u00e9s del commit 085b7be."
    }
  ],
  "id": "CVE-2026-22699",
  "lastModified": "2026-01-22T14:53:30.840",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-10T06:15:52.377",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/RustCrypto/elliptic-curves/pull/1602"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.