CNNVD-202601-4836 Information
CNNVD ID
CNNVD-202601-4836
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
RustCrypto signatures是RustCrypto开源的一个数字签名算法集合。 RustCrypto signatures 0.0.4版本至0.1.0-rc.4之前版本存在数据伪造问题漏洞,该漏洞源于签名验证实现错误地接受重复提示索引,可能导致签名验证绕过。
Description (English)
RustCrypto signatures are a collection of digital signature algorithms from RustCrypto open source. RustCrypto signatures 0.0.4 to 0.1.0-rc.4 have a loophole in data forgery, which stems from the fact that the signature authentication achieves the wrong acceptance of a duplicate index of hints and may result in the signature authentication being bypassed.
Hazard Level
High
Vulnerability Type
数据伪造问题
Affected Vendor
RustCrypto
Published
2026-01-28
Last Modified
2026-02-24
References
https://csrc.nist.gov/pubs/fips/204/final https://datatracker.ietf.org/doc/html/rfc9881 https://github.com/C2SP/wycheproof https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38 https://github.com/RustCrypto/signatures/issues/894 https://github.com/RustCrypto/signatures/pull/895 https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9
Patch
https://github.com/RustCrypto/signatures/tags
Share on: