Description
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991.
Published: 2026-01-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via bounds‑check panic in SM2‑PKE decrypt
Action: Patch Update
AI Analysis

Impact

The SM2 public‑key encryption implementation in the RustCrypto elliptic‑curve crate exhibits a CWE-20 Input Validation weakness, failing to validate the length of input ciphertext before performing operations that split slices. An attacker can provide undersized or specially crafted DER‑encoded data that causes a bounds‑check panic in Rust, which unwinds and terminates the calling thread or the process, resulting in denial of service.

Affected Systems

Affected packages are RustCrypto:elliptic‑curves, specifically the SM2 elliptic curve crate versions 0.14.0‑pre.0 and 0.14.0‑rc.0. Any application that imports this crate and uses the decrypt() function on data originating from untrusted sources is vulnerable.

Risk and Exploitability

With a CVSS score of 7.5 and an EPSS of less than 1%, the likelihood of exploitation is low but the impact is severe. Attackers only need to supply malicious ciphertext to trigger a bounds‑check panic, which terminates the thread or entire process, causing denial of service. The vulnerability is not yet in the CISA KEV catalog, but its severity warrants prompt remediation. In the absence of defensive panic handling, the crash will propagate upward, potentially bringing down critical services.

Generated by OpenCVE AI on April 18, 2026 at 16:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the elliptic‑curves crate to version 0.14.0 or later, which includes the commit that fixes bounds‑check validation.
  • If you cannot upgrade immediately, add explicit length validation before calling decrypt() or wrap the decrypt call in a panic‑catching boundary to prevent the entire application from crashing.
  • Disable or restrict use of the SM2‑PKE decrypt functionality for untrusted data, or replace it with a vetted cryptography library that correctly validates input lengths.

Generated by OpenCVE AI on April 18, 2026 at 16:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j9xq-69pf-pcm8 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
History

Thu, 22 Jan 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Rustcrypto sm2 Elliptic Curve
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*
cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*
Vendors & Products Rustcrypto sm2 Elliptic Curve

Mon, 12 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Rustcrypto
Rustcrypto elliptic-curves
Vendors & Products Rustcrypto
Rustcrypto elliptic-curves

Sat, 10 Jan 2026 05:30:00 +0000

Type Values Removed Values Added
Description RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991.
Title RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Rustcrypto Elliptic-curves Sm2 Elliptic Curve
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T14:46:46.227Z

Reserved: 2026-01-08T19:23:09.856Z

Link: CVE-2026-22700

cve-icon Vulnrichment

Updated: 2026-01-12T14:46:26.854Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T06:15:52.517

Modified: 2026-01-22T14:53:48.393

Link: CVE-2026-22700

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses