{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22699", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-08T19:23:09.856Z", "datePublished": "2026-01-10T05:17:22.818Z", "dateUpdated": "2026-01-12T14:59:18.634Z"}, "containers": {"cna": {"title": "RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6"}, {"name": "https://github.com/RustCrypto/elliptic-curves/pull/1602", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/elliptic-curves/pull/1602"}, {"name": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab"}], "affected": [{"vendor": "RustCrypto", "product": "elliptic-curves", "versions": [{"version": "= 0.14.0-pre.0", "status": "affected"}, {"version": "= 0.14.0-rc.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T05:17:22.818Z"}, "descriptions": [{"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be."}], "source": {"advisory": "GHSA-78p6-6878-8mj6", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T14:59:15.477126Z", "id": "CVE-2026-22699", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T14:59:18.634Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22699", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T14:59:15.477126Z"}}}], "references": [{"url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T14:58:58.094Z"}}], "cna": {"title": "RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()", "source": {"advisory": "GHSA-78p6-6878-8mj6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "RustCrypto", "product": "elliptic-curves", "versions": [{"status": "affected", "version": "= 0.14.0-pre.0"}, {"status": "affected", "version": "= 0.14.0-rc.0"}]}], "references": [{"url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6", "name": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/RustCrypto/elliptic-curves/pull/1602", "name": "https://github.com/RustCrypto/elliptic-curves/pull/1602", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab", "name": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T05:17:22.818Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22699", "state": "PUBLISHED", "dateUpdated": "2026-01-12T14:59:18.634Z", "dateReserved": "2026-01-08T19:23:09.856Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-10T05:17:22.818Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*", "matchCriteriaId": "5F5BCFE9-1585-4A90-857F-7F9E1B9C9ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*", "matchCriteriaId": "B584C50F-8ED4-45F4-8799-7CCFE8D4DF66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be."}], "id": "CVE-2026-22699", "lastModified": "2026-01-22T14:53:30.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-10T06:15:52.377", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/RustCrypto/elliptic-curves/pull/1602"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:11:32.561977+00:00", "value": {"mitigation_remediation": ["Upgrade the RustCrypto ellipic\u2011curves crate to the patched revision (commit\u202f085b7be or any later stable release).", "If upgrading is not immediately possible, refactor the decryption code to validate the decoded AffinePoint before unwrapping, e.g., check that the point is on\u2011curve and handle the None case gracefully.", "Configure the runtime environment to catch panics in the cryptographic library so that a single malformed ciphertext does not bring the entire application down; this reduces the impact of any remaining unpatched code."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Any software that depends on RustCrypto\u2019s ellipic\u2011curves crate at a pre\u2011release version of 0.14.0 (both pre\u20110.0 and rc.0) is affected. This includes applications that use the SM2 PKE implementation from that crate. Downgrading is not recommended; upgrading to the latest stable release that incorporates commit\u202f085b7be removes the risk.", "description_and_impact": "RustCrypto\u2019s Elliptic Curves library contains a flaw in the SM2 PKE decryption routine. During decryption, an incoming ciphertext section (C1) is decoded into an elliptic\u2011curve point without validating that the resulting point lies on the SM2 curve. The library\u2019s code calls `.unwrap()` on the result, which triggers a panic whenever the encoded point is syntactically valid but not on\u2011curve. This bug is a classic input validation failure (CWE\u201120) that can cause a denial\u2011of\u2011service condition, as the panic brings the entire application to a halt. The vulnerability exists only in the 0.14.0\u2011pre.0 and 0.14.0\u2011rc.0 releases and has been addressed in a later commit.", "risk_and_exploitability": "With a CVSS score of 7.5 the flaw is considered high severity, but the EPSS score is below 1\u202f% indicating the likelihood of exploitation is low at present. Because the vulnerability manifests when a malformed ciphertext is processed, an attacker could trigger a crash by sending crafted SM2 messages to a service that relies on the vulnerable crate. The KEV catalogue does not list this issue yet, implying no widespread active exploitation has been reported. Nonetheless, the risk remains real for services that expose SM2 decryption without proper input validation."}}}}, "created": "2026-01-12T14:36:53.078866+00:00", "updated": "2026-04-18T07:15:25.857393+00:00", "vendors": ["rustcrypto", "rustcrypto$PRODUCT$elliptic-curves"]}