CVE-2026-22705
Unknown Unknown - Not Provided
Timing Side-Channel in RustCrypto Signatures ML-DSA Component

Publication date: 2026-01-10

Last updated on: 2026-01-10

Assigner: GitHub, Inc.

Description
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-10
Last Modified
2026-01-10
Generated
2026-06-16
AI Q&A
2026-01-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22705
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rustcrypto signatures to 0.1.0-rc.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1240 To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a timing side-channel issue in the ML-DSA signature scheme implementation within the RustCrypto signatures library. It arises from the use of hardware integer division instructions (UDIV/SDIV) in the Decompose algorithm during signature generation. These division instructions have variable execution times depending on the operand values, which are derived from secret key components. Because the timing varies with secret data, an attacker who can measure the time precisely could potentially recover secret signing key information. The vulnerability was fixed by replacing the variable-time hardware division with a constant-time division method based on Barrett reduction, which eliminates timing variability and prevents leakage of secret information. [1, 3]

Impact Analysis

This vulnerability can impact you by allowing an attacker with the ability to perform precise timing measurements on the signature generation process to extract secret signing key information. This compromises the confidentiality and integrity of the cryptographic keys used for digital signatures, potentially enabling forgery or impersonation attacks. The vulnerability has a moderate severity score (CVSS 6.4) and requires an adjacent network attacker with low privileges but high attack complexity. There is no impact on availability. [1]

Detection Guidance

This vulnerability can be detected by analyzing the cryptographic implementation for timing side-channels, specifically looking for variable-time hardware division instructions (UDIV/SDIV) used on secret-dependent data during the ML-DSA signature generation process. Detection was performed using a constant-time analyzer that inspects compiled assembly code for data-dependent timing behavior. While no specific network or system commands are provided, using constant-time analysis tools on the RustCrypto signatures library binaries or source code to identify variable-time division operations in the decompose function would be the approach. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, update the RustCrypto signatures library to version 0.1.0-rc.2 or later, where the timing side-channel in the ML-DSA implementation has been patched. The patch replaces variable-time hardware division with a constant-time division method based on Barrett reduction, eliminating timing variability. If updating is not immediately possible, avoid using vulnerable versions for signing operations and consider applying the constant-time division fix manually if feasible. [1, 2, 3]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22705. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart