CNNVD-202601-1737 Information
CNNVD ID
CNNVD-202601-1737
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
RustCrypto: Elliptic Curves是Rust Crypto开源的一个Rust加密库。 RustCrypto: Elliptic Curves 0.14.0-pre.0版本和0.14.0-rc.0版本存在输入验证错误漏洞,该漏洞源于SM2公钥加密实现中对源自不受信任密文的输入缓冲区执行未检查的切片分割操作,可能导致拒绝服务攻击。
Description (English)
RustCrypto: Elliptic Curves is a RustCrypto-open-source Rust encryption library. RustCrypto: Elliptic Curves 0.14.0-pre.0 and 0.14.0-rc.0 have input authentication error holes, which stem from uninspected slices of uninspected entry of untrusted secret text into the buffer zone carried out by SM2 key encryption.
Hazard Level
Medium
Vulnerability Type
输入验证错误
Affected Vendor
Rust Crypto
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab https://github.com/RustCrypto/elliptic-curves/pull/1603 https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8
Patch
https://github.com/RustCrypto/elliptic-curves/tags
Share on: