RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve for…
Published:
9 January 2026 at 23:00:00
Alert date:
10 January 2026 at 13:10:58
Source:
nvd.nist.gov
CVE-2026-22700 affects RustCrypto: Elliptic Curves library versions 0.14.0-pre.0 and 0.14.0-rc.0. A denial-of-service vulnerability exists in the SM2 public-key encryption implementation where the decrypt() function performs unchecked slice::split_at operations on untrusted input buffers. Attackers can submit malformed ciphertext or crafted DER-encoded structures to trigger bounds-check panics that crash the calling thread or process. The vulnerability has been patched in commit e60e991. This affects the general purpose Elliptic Curve Cryptography support library used for representing elliptic curve forms, scalars, points, and cryptographic keys.
Technical details
Mitigation steps:
Affected products:
RustCrypto Elliptic Curves
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-22700
https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab
https://github.com/RustCrypto/elliptic-curves/pull/1603
https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.