Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

RustCrypto — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting RustCrypto. AI-powered Chinese analysis, POCs, and references for each vulnerability.

RustCrypto develops cryptographic libraries for the Rust programming language, providing secure implementations of various cryptographic algorithms. Historically, vulnerabilities in these libraries have included remote code execution, buffer overflows, and logic flaws in cryptographic operations. While the project maintains a strong security focus due to Rust's memory safety guarantees, it has still recorded 10 CVEs, primarily related to edge cases in algorithm implementations and potential side-channel vulnerabilities. The project's security model emphasizes rigorous testing and formal verification, though some incidents have highlighted challenges in complex cryptographic protocol implementations. Despite these issues, RustCrypto remains a critical resource for secure cryptographic development in the Rust ecosystem.

Top products by RustCrypto: elliptic-curves AEADs RSA signatures utils
CVE IDTitleCVSSSeverityPublished
CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices — signaturesCWE-347 5.3 Medium2026-01-28
CVE-2026-23519 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz — utilsCWE-208 7.5AIHighAI2026-01-15
CVE-2026-22705 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition — signaturesCWE-1240 6.4 Medium2026-01-10
CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE — elliptic-curvesCWE-20 7.5 High2026-01-10
CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt() — elliptic-curvesCWE-20 7.5 High2026-01-10
CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability — elliptic-curvesCWE-331 7.5 -2026-01-10
CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1 — RSACWE-703 7.5 -2026-01-08
CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure — AEADsCWE-347 7.5 -2025-03-03
CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels — RSACWE-385 5.9 Medium2023-11-28
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure — AEADsCWE-347 4.7 Medium2023-09-22

This page lists every published CVE security advisory associated with RustCrypto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.