CNNVD-202601-1736 Information
CNNVD ID
CNNVD-202601-1736
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
RustCrypto: Elliptic Curves是Rust Crypto开源的一个Rust加密库。 RustCrypto: Elliptic Curves 0.14.0-pre.0版本和0.14.0-rc.0版本存在输入验证错误漏洞,该漏洞源于SM2 PKE解密路径中未检查无效椭圆曲线点,可能导致拒绝服务。
Description (English)
RustCrypto: Elliptic Curves is a RustCrypto-open-source Rust encryption library. RustCrypto: Elliptic Curves 0.14.0-pre.0 and 0.14.0-rc.0 have input authentication error holes, which stem from the failure to check invalid elliptical curve points in the SM2 PKE decryption path and may lead to the denial of services.
Hazard Level
Medium
Vulnerability Type
输入验证错误
Affected Vendor
Rust Crypto
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab https://github.com/RustCrypto/elliptic-curves/pull/1602 https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6
Patch
https://github.com/RustCrypto/elliptic-curves/tags
Share on: