{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T17:31:43.353","vulnerabilities":[{"cve":{"id":"CVE-2026-22700","sourceIdentifier":"security-advisories@github.com","published":"2026-01-10T06:15:52.517","lastModified":"2026-01-22T14:53:48.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991."},{"lang":"es","value":"RustCrypto: Curvas Elípticas es soporte de Criptografía de Curva Elíptica (ECC) de propósito general, incluyendo tipos y rasgos para representar varias formas de curvas elípticas, escalares, puntos y claves públicas/secretas compuestas de ellos. En las versiones 0.14.0-pre.0 y 0.14.0-rc.0, existe una vulnerabilidad de denegación de servicio en la implementación de cifrado (PKE) de clave pública SM2: la ruta decrypt() realiza operaciones slice::split_at sin verificar en búferes de entrada derivados de texto cifrado no confiable. Un atacante puede enviar texto cifrado corto/subdimensionado o estructuras codificadas en DER cuidadosamente elaboradas para activar pánicos de verificación de límites (desenrolle de Rust) que bloquean el hilo o proceso que realiza la llamada. Este problema ha sido parcheado mediante el commit e60e991."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:pre0:*:*:*:rust:*:*","matchCriteriaId":"5F5BCFE9-1585-4A90-857F-7F9E1B9C9ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rustcrypto:sm2_elliptic_curve:0.14.0:rc0:*:*:*:rust:*:*","matchCriteriaId":"B584C50F-8ED4-45F4-8799-7CCFE8D4DF66"}]}]}],"references":[{"url":"https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/RustCrypto/elliptic-curves/pull/1603","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}