Security Vulnerability Report
CVE-2026-22705 CVSS 6.4 MEDIUM

Published: 2026-01-10 07:16:03
Last Modified: 2026-04-15 00:35:42

Description

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

RustCrypto: Signatures < 0.1.0-rc.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-22705 PoC - Timing Side-Channel Attack on ML-DSA Signing
# This PoC demonstrates timing analysis to detect the vulnerability.
#
# Note: the `signatures` module and its `ML_DSA.parameters(...)`,
# `generate_key()` and `sign()` calls are used exactly as given in the
# page's PoC; they are not an API of the RustCrypto Rust crate itself.
#
# Caveat: ML-DSA signing uses rejection sampling, so signing time varies
# from run to run even in a constant-time implementation. A raw
# coefficient-of-variation threshold therefore cannot by itself separate
# the Decompose leak from normal rejection-loop and OS scheduling noise;
# a proper leakage test compares timing distributions across chosen
# inputs (e.g. fixed-vs-random) rather than measuring a single message.
import time
import statistics

from signatures import ML_DSA


def measure_signing_time(private_key, message, iterations=1000):
    """Measure signing time variations to detect side-channel leak."""
    times = []
    for _ in range(iterations):
        start = time.perf_counter_ns()
        private_key.sign(message)
        end = time.perf_counter_ns()
        times.append(end - start)
    return times


def analyze_timing_pattern(times):
    """Analyze timing data for patterns indicating side-channel vulnerability."""
    mean = statistics.mean(times)
    stdev = statistics.stdev(times)
    variance_coefficient = stdev / mean
    # High variance coefficient indicates timing leak
    if variance_coefficient > 0.05:
        return True, f"Potential timing leak detected (CV={variance_coefficient:.4f})"
    return False, f"Timing appears constant (CV={variance_coefficient:.4f})"


def main():
    # Generate key pair
    params = ML_DSA.parameters(44)  # ML-DSA-44
    private_key = params.generate_key()
    message = b"Test message for timing analysis"

    # Collect timing data
    print("Collecting timing data...")
    times = measure_signing_time(private_key, message, iterations=1000)

    # Analyze results
    is_vulnerable, analysis = analyze_timing_pattern(times)
    print(f"Analysis result: {analysis}")
    if is_vulnerable:
        print("[✗] VULNERABLE: Timing side-channel detected")
        print("[!] Upgrade to RustCrypto Signatures >= 0.1.0-rc.2")
    else:
        print("[+] SECURE: No significant timing leak detected")


if __name__ == "__main__":
    main()

References

https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558
https://github.com/RustCrypto/signatures/pull/1144
https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22705", "sourceIdentifier": "[email protected]", "published": "2026-01-10T07:16:03.363", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2."}, {"lang": "es", "value": "RustCrypto: Signatures ofrece soporte para firmas digitales, que proporcionan autenticación de datos utilizando criptografía de clave pública. Antes de la versión 0.1.0-rc.2, se descubrió un canal lateral de temporización en el algoritmo Decompose que se utiliza durante la firma ML-DSA para generar pistas para la firma. Este problema ha sido parcheado en la versión 0.1.0-rc.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1240"}]}], "references": [{"url": "https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558", "source": "[email protected]"}, {"url": "https://github.com/RustCrypto/signatures/pull/1144", "source": "[email protected]"}, {"url": "https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7", "source": "[email protected]"}]}}