Description
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be.
Published: 2026-01-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

RustCrypto’s Elliptic Curves library contains a flaw in the SM2 PKE decryption routine. During decryption, an incoming ciphertext section (C1) is decoded into an elliptic-curve point, and the library’s code calls `.unwrap()` on the result without handling the case where decoding fails because the point does not lie on the SM2 curve. This triggers a panic whenever the encoded point is syntactically valid but not on-curve. This bug is a classic input validation failure (CWE-20) that can cause a denial-of-service condition, as the panic brings the entire application to a halt. The vulnerability exists only in the 0.14.0-pre.0 and 0.14.0-rc.0 releases and has been addressed in a later commit.

Affected Systems

Any software that depends on RustCrypto’s elliptic-curves crate at a pre-release version of 0.14.0 (both pre.0 and rc.0) is affected. This includes applications that use the SM2 PKE implementation from that crate. Downgrading is not recommended; upgrading to the latest stable release that incorporates commit 085b7be removes the risk.

Risk and Exploitability

With a CVSS score of 7.5, the flaw is considered high severity, but the EPSS score is below 1%, indicating that the likelihood of exploitation is low at present. Because the vulnerability manifests when a malformed ciphertext is processed, an attacker could trigger a crash by sending crafted SM2 messages to a service that relies on the vulnerable crate. The KEV catalogue does not list this issue yet, implying no widespread active exploitation has been reported. Nonetheless, the risk remains real for services that expose SM2 decryption without proper input validation.

Generated by OpenCVE AI on April 18, 2026 at 07:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RustCrypto elliptic-curves crate to the patched revision (commit 085b7be or any later stable release).
  • If upgrading is not immediately possible, refactor the decryption code to validate the decoded AffinePoint before unwrapping, e.g., check that the point is on‑curve and handle the None case gracefully.
  • Configure the runtime environment to catch panics in the cryptographic library so that a single malformed ciphertext does not bring the entire application down; this reduces the impact of any remaining unpatched code.
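
The second recommendation, sketched as an added example (not code from the RustCrypto crate or from commit 085b7be): a toy curve y^2 = x^3 + 2x + 3 over GF(97) stands in for SM2, and the names `decode_c1`, `decrypt_unchecked`, `decrypt_checked`, `toy_unmask` and `DecryptError` are hypothetical. It contrasts unwrapping the decode result with returning an error for an off-curve C1.

```rust
// Added illustration only: toy curve parameters, NOT the SM2 curve or the sm2 crate API.
const P: u64 = 97;
const A: u64 = 2;
const B: u64 = 3;

#[derive(Debug, PartialEq, Clone, Copy)]
pub struct AffinePoint { x: u64, y: u64 }

#[derive(Debug, PartialEq)]
pub enum DecryptError { InvalidC1 }

/// Decode C1 as 0x04 || x || y (one byte per coordinate in this toy encoding).
/// Returns None for truncated input, a wrong tag, or a point off the curve.
pub fn decode_c1(ct: &[u8]) -> Option<AffinePoint> {
    if ct.len() < 3 || ct[0] != 0x04 { return None; }
    let (x, y) = (ct[1] as u64, ct[2] as u64);
    if x >= P || y >= P { return None; }
    // Syntactically valid coordinates can still fail the curve equation.
    if (y * y) % P != (x * x * x + A * x + B) % P { return None; }
    Some(AffinePoint { x, y })
}

/// "Before" shape: the decode result is unwrapped, so an off-curve C1 panics.
pub fn decrypt_unchecked(ct: &[u8]) -> Vec<u8> {
    let c1 = decode_c1(ct).unwrap();
    toy_unmask(c1, &ct[3..])
}

/// "After" shape: the None case becomes an error the caller can handle.
pub fn decrypt_checked(ct: &[u8]) -> Result<Vec<u8>, DecryptError> {
    let c1 = decode_c1(ct).ok_or(DecryptError::InvalidC1)?;
    Ok(toy_unmask(c1, &ct[3..]))
}

// Stand-in for the real key-derivation and XOR step; not real SM2 PKE.
fn toy_unmask(c1: AffinePoint, body: &[u8]) -> Vec<u8> {
    let mask = (c1.x ^ c1.y) as u8;
    body.iter().map(|b| b ^ mask).collect()
}

fn main() {
    let on_curve = [0x04, 3, 6, 0x10, 0x20];  // constructed: 6^2 = 36 = 27 + 6 + 3
    let off_curve = [0x04, 3, 7, 0x10, 0x20]; // constructed: 7^2 = 49 != 36
    println!("{:?}", decrypt_checked(&on_curve));
    println!("{:?}", decrypt_checked(&off_curve));
}
```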



Advisories
Source ID Title
Github GHSA GHSA-78p6-6878-8mj6 SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
History

Thu, 22 Jan 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Rustcrypto sm2 Elliptic Curve
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*
cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*
Vendors & Products Rustcrypto sm2 Elliptic Curve

Mon, 12 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Rustcrypto
Rustcrypto elliptic-curves
Vendors & Products Rustcrypto
Rustcrypto elliptic-curves

Sat, 10 Jan 2026 05:30:00 +0000

Type Values Removed Values Added
Description RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be.
Title RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T14:59:18.634Z

Reserved: 2026-01-08T19:23:09.856Z

Link: CVE-2026-22699

Vulnrichment

Updated: 2026-01-12T14:58:58.094Z

NVD

Status: Analyzed

Published: 2026-01-10T06:15:52.377

Modified: 2026-01-22T14:53:30.840

Link: CVE-2026-22699

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T07:15:25Z
