{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22705", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-08T19:23:09.857Z", "datePublished": "2026-01-10T06:14:20.292Z", "dateUpdated": "2026-01-12T16:43:06.463Z"}, "containers": {"cna": {"title": "RustCrypto: Signatures has timing side-channel in ML-DSA decomposition", "problemTypes": [{"descriptions": [{"cweId": "CWE-1240", "lang": "en", "description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7"}, {"name": "https://github.com/RustCrypto/signatures/pull/1144", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/signatures/pull/1144"}, {"name": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558"}], "affected": [{"vendor": "RustCrypto", "product": "signatures", "versions": [{"version": "< 0.1.0-rc.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T06:14:20.292Z"}, "descriptions": [{"lang": "en", "value": "RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2."}], "source": {"advisory": "GHSA-hcp2-x6j4-29j7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T16:42:51.482698Z", "id": "CVE-2026-22705", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T16:43:06.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22705", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-12T16:42:51.482698Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T16:43:01.889Z"}}], "cna": {"title": "RustCrypto: Signatures has timing side-channel in ML-DSA decomposition", "source": {"advisory": "GHSA-hcp2-x6j4-29j7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "RustCrypto", "product": "signatures", "versions": [{"status": "affected", "version": "< 0.1.0-rc.2"}]}], "references": [{"url": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7", "name": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/RustCrypto/signatures/pull/1144", "name": "https://github.com/RustCrypto/signatures/pull/1144", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558", "name": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1240", "description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T06:14:20.292Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22705", "state": "PUBLISHED", "dateUpdated": "2026-01-12T16:43:06.463Z", "dateReserved": "2026-01-08T19:23:09.857Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-10T06:14:20.292Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2."}, {"lang": "es", "value": "RustCrypto: Signatures ofrece soporte para firmas digitales, que proporcionan autenticaci\u00f3n de datos utilizando criptograf\u00eda de clave p\u00fablica. Antes de la versi\u00f3n 0.1.0-rc.2, se descubri\u00f3 un canal lateral de temporizaci\u00f3n en el algoritmo Decompose que se utiliza durante la firma ML-DSA para generar pistas para la firma. Este problema ha sido parcheado en la versi\u00f3n 0.1.0-rc.2."}], "id": "CVE-2026-22705", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-10T07:16:03.363", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/signatures/pull/1144"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1240"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:09:10.162388+00:00", "value": {"mitigation_remediation": ["Upgrade RustCrypto:signatures to 0.1.0\u2011rc.2 or later.", "Regenerate all ML\u2011DSA signatures that were created with any earlier version of the crate.", "Ensure that the signing code runs in a constant\u2011time environment, e.g. by compiling with flags that enforce constant\u2011time execution or by adding padding to equalize execution paths."], "summary": {"action": "Update", "impact": "Timing side-channel that can leak information from the Decompose algorithm used in ML-DSA signing, potentially exposing private key material or enabling signature forgery"}, "threat_synthesis": {"affected_systems": "All projects that depend on RustCrypto:signatures instead of version 0.1.0\u2011rc.2 or earlier are affected. This includes any Rust applications or libraries that import the signatures crate and perform ML\u2011DSA signing. The patch is available in the 0.1.0\u2011rc.2 release of the crate.", "description_and_impact": "The Decompose routine in the RustCrypto Signatures library has a timing side\u2011channel that is triggered during ML\u2011DSA signing operations. The side\u2011channel can give a malicious observer access to internal state used to create signature hints, thereby jeopardising the secrecy of the signing key and the authenticity of signatures. The weakness is classified as CWE\u20111240 and does not directly cause crash or denial of service but can compromise confidentiality and integrity of the cryptographic process.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, but the EPSS score is below 1\u202f%, suggesting a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to monitor the timing of signing operations with sufficient resolution to extract the leaked data, which typically requires proximity or device\u2011side\u2011channel access. With the published fix in 0.1.0\u2011rc.2, the risk can be mitigated by updating the dependency."}}}}, "created": "2026-01-12T14:36:31.361366+00:00", "updated": "2026-04-18T07:15:25.853741+00:00", "vendors": ["rustcrypto", "rustcrypto$PRODUCT$signatures"]}