CVE-2026-22700
Denial-of-Service in RustCrypto SM2 PKE via Unchecked Buffer Access
Publication date: 2026-01-10
Last updated on: 2026-01-10
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustcrypto | elliptic_curves | 0.14.0-rc.0 |
| rustcrypto | elliptic_curves | 0.14.0-pre.0 |
| rust | sm2 | 0.14.0-rc.0 |
| rust | sm2 | 0.14.0-pre.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22700 is a denial-of-service (DoS) vulnerability in the SM2 public-key encryption (PKE) implementation of the RustCrypto elliptic-curves library (the `sm2` crate). The decrypt() function splits the incoming ciphertext buffer with `split_at` without first checking that the buffer is long enough; `split_at` panics when the split index exceeds the slice length. A short or otherwise malformed ciphertext therefore triggers a Rust panic before any cryptographic work is done, crashing the thread or process that handles decryption. The panic is reachable remotely by anyone who can submit a ciphertext to an SM2 decryption path: no privileges, key material, or user interaction are needed. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows an attacker to cause a denial-of-service condition in any application that uses the vulnerable RustCrypto elliptic-curves library to decrypt attacker-supplied SM2 ciphertexts. By sending a short or malformed ciphertext, the attacker crashes the thread or process performing decryption and disrupts service availability. The attack is cheap to execute remotely, requires no privileges or user interaction, and affects any decryption endpoint built on the affected versions of this library. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start by checking whether the affected crate is in your dependency tree: in a Cargo workspace, `cargo tree -i sm2` lists every path through which the `sm2` crate is pulled in, together with the resolved version; the affected versions are the 0.14.0 pre-releases listed above (0.14.0-pre.0 and 0.14.0-rc.0). At runtime, the vulnerability shows up as panics or thread crashes in code calling the SM2 PKE decrypt() function while processing ciphertext input, so look for Rust panic messages (lines of the form `thread '...' panicked at ...`) in application logs that coincide with decryption requests. Because the trigger is a length check that is missing before a slice split, you can confirm exposure by submitting a deliberately short or malformed ciphertext to the decryption endpoint or function and observing whether the handler panics instead of returning an error. The referenced proof-of-concept examples use a short ciphertext (e.g., 10 bytes) or a malformed DER-encoded ciphertext to trigger the panic. Beyond that, the commands depend on your environment: fuzz testing the decryption path and monitoring logs for panics or crashes is the general approach. Specific commands are not provided in the resources. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to update the RustCrypto elliptic-curves library to a version that includes the fix (merged on January 9, 2026). The fix replaces the unchecked `split_at` calls with `split_at_checked` and adds explicit length checks before splitting ciphertext slices, so malformed input yields an error instead of a panic. If updating is not immediately possible, validate ciphertext length in your own code before calling decrypt(): reject any input shorter than the minimum a valid ciphertext in the expected encoding can have, and return a controlled error. As a further stopgap, run decryption in a way that contains panics (for example in a dedicated worker thread, or under `std::panic::catch_unwind`) so a crafted input cannot take down the whole process; note that this only helps for builds using the default unwinding panic strategy, not `panic = "abort"`. Filtering obviously undersized or malformed ciphertexts at the network edge also reduces the attack surface. Applying the patch commit e60e991 or a later release that includes this fix is the recommended action. [1, 2, 3]
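The following is an added example illustrating both the detection test described above (a 10-byte ciphertext that panics the unchecked split) and the shape of the fix (length check before splitting, with a caller-side `catch_unwind` stopgap). It is not code from the `sm2` crate or from the patch; it models the raw SM2 PKE ciphertext layout C1 || C3 || C2 with a 65-byte uncompressed point and a 32-byte SM3 digest, and the sample buffers are constructed, not real ciphertexts.

```rust
// Added example: a model of the SM2 PKE ciphertext split that CVE-2026-22700
// concerns. Not the sm2 crate's code. The layout constants are the standard
// raw C1 || C3 || C2 encoding (uncompressed point, SM3 digest); the inputs
// built below are constructed for illustration and are not real ciphertexts.
use std::panic;

const C1_LEN: usize = 65; // 0x04 || x (32 bytes) || y (32 bytes)
const C3_LEN: usize = 32; // SM3 digest length

#[derive(Debug, PartialEq)]
pub struct Parts<'a> {
    pub c1: &'a [u8],
    pub c3: &'a [u8],
    pub c2: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum DecryptError {
    /// Ciphertext shorter than the fixed C1 + C3 prefix.
    TooShort { need: usize, got: usize },
    /// First byte of C1 is not the uncompressed-point tag 0x04.
    BadPointTag(u8),
}

/// Vulnerable pattern: `split_at` panics when the split index exceeds the
/// slice length, so any ciphertext shorter than 97 bytes panics here before
/// any cryptography runs.
pub fn split_unchecked(ct: &[u8]) -> Parts<'_> {
    let (c1, rest) = ct.split_at(C1_LEN);
    let (c3, c2) = rest.split_at(C3_LEN);
    Parts { c1, c3, c2 }
}

/// Hardened pattern: check the length first and return a controlled error.
/// On Rust 1.80+ `ct.split_at_checked(C1_LEN)` expresses the same check in one call.
pub fn split_checked(ct: &[u8]) -> Result<Parts<'_>, DecryptError> {
    let need = C1_LEN + C3_LEN;
    if ct.len() < need {
        return Err(DecryptError::TooShort { need, got: ct.len() });
    }
    let (c1, rest) = ct.split_at(C1_LEN);
    if c1[0] != 0x04 {
        return Err(DecryptError::BadPointTag(c1[0]));
    }
    let (c3, c2) = rest.split_at(C3_LEN);
    Ok(Parts { c1, c3, c2 })
}

/// Caller-side containment for code that cannot upgrade yet: run the panicking
/// path under `catch_unwind` so a crafted input becomes an error instead of
/// unwinding through the request handler. The panic hook still logs the panic,
/// and this does nothing under `panic = "abort"`, where the process dies.
pub fn split_contained(ct: &[u8]) -> Result<Parts<'_>, DecryptError> {
    panic::catch_unwind(move || split_unchecked(ct))
        .map_err(|_| DecryptError::TooShort { need: C1_LEN + C3_LEN, got: ct.len() })
}

/// Constructed sample: a well-formed 102-byte buffer (C1 tag 0x04, filler
/// coordinates and digest, 5-byte C2). Assumption: shape only, not valid SM2.
pub fn sample_well_formed() -> Vec<u8> {
    let mut v = vec![0x04u8];
    v.extend(std::iter::repeat(0xAAu8).take(64)); // x || y
    v.extend(std::iter::repeat(0xBBu8).take(C3_LEN)); // C3
    v.extend_from_slice(b"hello"); // C2
    v
}

/// Constructed sample: the 10-byte short ciphertext from the proof of concept.
pub fn sample_short() -> Vec<u8> {
    vec![0x01u8; 10]
}

fn main() {
    let good = sample_well_formed();
    let short = sample_short();
    println!("checked/good:     {:?}", split_checked(&good).map(|p| p.c2.len()));
    println!("checked/short:    {:?}", split_checked(&short));
    println!("contained/short:  {:?}", split_contained(&short).map(|p| p.c2.len()));
    // split_unchecked(&short) would panic here with the default panic hook.
}
```

The unchecked function is the pattern to search for in your own parsers as well: any `split_at`, range index, or `[..n]` on attacker-controlled bytes without a preceding length check is a remote panic waiting for a short input.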