CVE-2026-22699
Denial-of-Service in RustCrypto Elliptic Curves SM2 Decryption
Publication date: 2026-01-10
Last updated on: 2026-01-10
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustcrypto | elliptic_curves | From 0.14.0-rc.0 (inclusive) |
| rustcrypto | elliptic_curves | From 0.14.0-pre.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is a denial-of-service (DoS) bug in the SM2 public-key encryption (PKE) decryption code of the RustCrypto elliptic-curves library (the `sm2` crate in the RustCrypto/elliptic-curves repository). During decryption the code decodes the elliptic-curve point C1 from the ciphertext. The decoding routine returns a constant-time option (`CtOption`), which is "none" when the encoded coordinates do not describe a point on the SM2 curve. The vulnerable code called `unwrap()` on that value without checking it first, and `CtOption::unwrap` panics when the value is none. Note that `unwrap()` is not `unsafe` in the Rust sense: it is memory-safe, but the panic aborts the decrypting thread, or the whole process under `panic = "abort"`. An attacker who can submit ciphertexts to a decrypting service can therefore supply a C1 with off-curve coordinates and crash it. The fix replaces the `unwrap()` with error handling that returns an error for an invalid point instead of panicking. [1, 2, 3]
How can this vulnerability impact me?
Any service that uses the affected RustCrypto elliptic-curves library to decrypt SM2 ciphertexts is exposed. By submitting a specially crafted ciphertext whose C1 coordinates do not lie on the SM2 curve, an attacker triggers a panic inside the decryption code. With Rust's default `panic = "unwind"` strategy the panic kills the thread that called decrypt (for a single-threaded or tokio-style server that can be the whole process); with `panic = "abort"` the process terminates immediately. The attack requires no privileges or user interaction and is easy to perform, so the availability of the service is at risk. Confidentiality and integrity are not affected: an invalid point is rejected, not decrypted. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are two ways to detect it. First, check whether your build depends on a vulnerable version of the crate: `cargo tree -i sm2` shows which of your dependencies pull in the `sm2` crate and at what version, `grep -A1 'name = "sm2"' Cargo.lock` shows the locked version, and `cargo audit` (from the `cargo-audit` tool) flags it once the advisory is in the RustSec database. Second, test the decryption path directly: craft an ASN.1 DER-encoded SM2 ciphertext that is syntactically valid but whose C1 coordinates do not lie on the SM2 curve. The proof of concept described in the resources uses arbitrary X and Y coordinates built from repeated 0x11 and 0x22 bytes; a vulnerable build panics on the `unwrap()` of the decoded point, a patched build returns an error. Run such an input through the decrypting API in a test and watch for a panic or crash of the decrypting thread or process. The resources provide no network-level detection signature; the malformed ciphertext is only distinguishable by decoding C1 and checking the curve equation. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update the RustCrypto elliptic-curves library to a version that includes the patch for this issue. The fix replaces the `unwrap()` on the decoded C1 point with proper error handling: the constant-time `CtOption` is converted into a standard `Option` (via `Option::from`) and a "none" result is mapped to an error, so an invalid curve point is reported to the caller instead of panicking. If you cannot update immediately, there are two stopgaps. You can validate ciphertexts before handing them to the library by decoding C1 yourself and checking that it is a point on the SM2 curve; note that rejecting only malformed DER is not enough, because the proof-of-concept input is well-formed DER with an off-curve point. Alternatively, wrap the decryption call in `std::panic::catch_unwind` and treat a caught panic as a decryption error. That wrapper only works when the crate is compiled with the default `panic = "unwind"` strategy, does nothing under `panic = "abort"`, and should be removed once the patched version is in place. [1, 2, 3]
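The following is an added example that reproduces the pattern behind this advisory on a toy curve; it is not code from the `sm2` crate or from RustCrypto. It assumes a tiny short-Weierstrass curve over GF(97) (the real SM2 curve is 256-bit) and a flat ciphertext layout of C1.x || C1.y as big-endian u64 values followed by placeholder bytes (the real format is ASN.1 DER). The `CtOption` type here is a minimal stand-in for `subtle::CtOption` with the same panicking `unwrap()`. It shows the vulnerable `unwrap()`, the patched `Option::from(...).ok_or(...)` shape, and the `catch_unwind` stopgap, and it builds the advisory's 0x11/0x22 proof-of-concept input alongside an in-range off-curve point and a valid point.

```rust
// Added example, not code from the sm2 crate. Toy curve y^2 = x^3 + A*x + B over GF(P)
// (assumption: P is tiny so the arithmetic fits in u64; SM2's field is 256-bit).
use std::panic::{self, AssertUnwindSafe};

const P: u64 = 97; // toy field modulus, not SM2's p
const A: u64 = 2;
const B: u64 = 3;

/// Stand-in for `subtle::CtOption`: a value plus a validity flag. Like the real type,
/// `unwrap()` panics when the flag is false and `Option::from` yields a plain `Option`.
struct CtOption<T> {
    value: T,
    is_some: bool,
}

impl<T> CtOption<T> {
    fn new(value: T, is_some: bool) -> Self {
        Self { value, is_some }
    }
    /// The call the vulnerable decryptor made: panics on an invalid point.
    fn unwrap(self) -> T {
        assert!(self.is_some, "CtOption::unwrap called on a None value");
        self.value
    }
}

impl<T> From<CtOption<T>> for Option<T> {
    fn from(c: CtOption<T>) -> Option<T> {
        if c.is_some { Some(c.value) } else { None }
    }
}

#[derive(Debug, Clone, Copy, PartialEq)]
struct AffinePoint { x: u64, y: u64 }

#[derive(Debug, PartialEq)]
enum Error { InvalidCiphertext }

/// Decodes (x, y) and checks the curve equation, mirroring what the real
/// `from_encoded_point` does: the result is "none" unless the point is on the curve.
fn from_encoded_point(x: u64, y: u64) -> CtOption<AffinePoint> {
    let in_range = x < P && y < P;
    let (xr, yr) = (x % P, y % P); // reduce first so the arithmetic cannot overflow
    let lhs = yr * yr % P;
    let rhs = (xr * xr % P * xr + A * xr + B) % P;
    CtOption::new(AffinePoint { x, y }, in_range && lhs == rhs)
}

/// Toy ciphertext layout (assumption): C1.x || C1.y as big-endian u64, then C3 || C2.
/// encode_c1(0x1111_1111_1111_1111, 0x2222_2222_2222_2222) gives the advisory-style
/// repeated 0x11 / 0x22 coordinate bytes.
fn encode_c1(x: u64, y: u64) -> Vec<u8> {
    let mut ct = x.to_be_bytes().to_vec();
    ct.extend_from_slice(&y.to_be_bytes());
    ct.extend_from_slice(&[0u8; 4]); // placeholder C3 || C2, unused here
    ct
}

fn parse_c1(ct: &[u8]) -> Result<(u64, u64), Error> {
    if ct.len() < 16 {
        return Err(Error::InvalidCiphertext);
    }
    let field = |s: &[u8]| { let mut b = [0u8; 8]; b.copy_from_slice(s); u64::from_be_bytes(b) };
    Ok((field(&ct[0..8]), field(&ct[8..16])))
}

/// Vulnerable shape: `unwrap()` on the decoded C1 panics for an off-curve point.
fn decrypt_vulnerable(ct: &[u8]) -> Result<AffinePoint, Error> {
    let (x, y) = parse_c1(ct)?;
    Ok(from_encoded_point(x, y).unwrap())
}

/// Fixed shape: CtOption -> Option -> Result; an invalid C1 is an error, not a panic.
fn decrypt_fixed(ct: &[u8]) -> Result<AffinePoint, Error> {
    let (x, y) = parse_c1(ct)?;
    Option::from(from_encoded_point(x, y)).ok_or(Error::InvalidCiphertext)
}

/// Stopgap for callers who cannot upgrade yet: turn the panic into an error.
/// Works only with the default `panic = "unwind"` strategy, never with `panic = "abort"`.
fn decrypt_guarded(ct: &[u8]) -> Result<AffinePoint, Error> {
    panic::catch_unwind(AssertUnwindSafe(|| decrypt_vulnerable(ct)))
        .unwrap_or(Err(Error::InvalidCiphertext))
}

fn main() {
    let poc = encode_c1(0x1111_1111_1111_1111, 0x2222_2222_2222_2222);
    let valid = encode_c1(3, 6); // (3, 6) is on the toy curve: 6^2 = 36 = 27 + 6 + 3
    println!("fixed, valid C1:   {:?}", decrypt_fixed(&valid));
    println!("fixed, PoC C1:     {:?}", decrypt_fixed(&poc));
    println!("guarded, PoC C1:   {:?}", decrypt_guarded(&poc));
    let panicked = panic::catch_unwind(|| decrypt_vulnerable(&encode_c1(17, 34))).is_err();
    println!("vulnerable, off-curve C1 panicked: {panicked}");
}
```

The point (17, 34) is in range but off the toy curve, which is the case that matters: a range check on the coordinates alone would pass it, only the curve-equation check in `from_encoded_point` rejects it. When `decrypt_vulnerable` is run under `catch_unwind`, the default panic hook still prints the panic message to stderr; the guard converts the result, not the log.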