Description

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991.

INFO

Published Date :

2026-01-10T05:17:25.583Z

Last Modified :

2026-01-12T14:46:46.227Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22700 vulnerability.

Vendors Products
Rustcrypto
  • Elliptic-curves
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22700.

URL Resource
https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab cve-icon cve-icon
https://github.com/RustCrypto/elliptic-curves/pull/1603 cve-icon cve-icon
https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact