CNNVD-202601-1754 Information

CNNVD ID

CNNVD-202601-1754

Related CVE

CVE-2026-22705

• CNNVD Published: 2026-01-10

Description (Chinese)

RustCrypto: Signatures是Rust Crypto开源的一个密码签名算法。 RustCrypto: Signatures 0.1.0-rc.2之前版本存在安全漏洞，该漏洞源于ML-DSA签名期间使用的Decompose算法中存在时序侧信道。

Description (English)

RustCrypto: Signatures is a password signature algorithm for RustCrypto open source. RustCrypto: There was a security loophole in the pre-Signatures 0.1.0-rc.2, which originated from the time-series channel of Decomboce algorithm used during the ML-DSA signature.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Rust Crypto

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558 https://github.com/RustCrypto/signatures/pull/1144 https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7

Patch

https://github.com/RustCrypto/signatures/tags