Description

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be.

INFO

Published Date :

2026-01-10T05:17:22.818Z

Last Modified :

2026-01-12T14:59:18.634Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22699 vulnerability.

Vendors Products
Rustcrypto
  • Elliptic-curves
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22699.

URL Resource
https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab cve-icon cve-icon
https://github.com/RustCrypto/elliptic-curves/pull/1602 cve-icon cve-icon
https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact