CVE-2026-22700

Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0

Description The RustCrypto Elliptic Curves library provides Elliptic Curve Cryptography (ECC) support. A denial-of-service issue exists in the SM2 public-key encryption implementation where unchecked slice operations on input buffers derived from ciphertext can lead to bounds-check panics, potentially crashing the calling thread or process. An attacker can exploit this by submitting short or crafted ciphertext.

Recommendations Update to a version beyond 0.14.0-rc.0.