CNNVD-202601-1734 Information
CNNVD ID
CNNVD-202601-1734
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
RustCrypto: Elliptic Curves是Rust Crypto开源的一个Rust加密库。 RustCrypto: Elliptic Curves 0.14.0-pre.0版本和0.14.0-rc.0版本存在安全特征问题漏洞,该漏洞源于SM2公钥加密实现中临时随机数熵严重不足,可能导致加密被破解。
Description (English)
RustCrypto: Elliptic Curves is a RustCrypto-open-source Rust encryption library. RustCrypto: Elliptic Curves 0.14.0-pre.0 and 0.14.0-rc.0 have security feature loopholes, which stem from the serious lack of temporary random numbers of entropy in SM2 key encryption, which may lead to encryption being broken.
Hazard Level
High
Vulnerability Type
安全特征问题
Affected Vendor
Rust Crypto
Published
2026-01-10
Last Modified
2026-02-24
References
https://crates.io/crates/sm2/0.14.0-pre.0 https://crates.io/crates/sm2/0.14.0-rc.0 https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731 https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525 https://github.com/RustCrypto/elliptic-curves/pull/1600 https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw
Patch
https://github.com/RustCrypto/elliptic-curves/tags
Share on: