CVE-2026-22698 - Vulnerability Details

Link	Providers
https://crates.io/crates/sm2/0.14.0-pre.0
https://crates.io/crates/sm2/0.14.0-rc.0
https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731
https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525
https://github.com/RustCrypto/elliptic-curves/pull/1600
https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw

Type	Values Removed	Values Added
Description		RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778.
Title		RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability
Weaknesses		CWE-331
References		https://crates.io/crates/sm2/0.14.0-pre.0 https://crates.io/crates/sm2/0.14.0-rc.0 https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731 https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525 https://github.com/RustCrypto/elliptic-curves/pull/1600 https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22698", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-08T19:23:09.856Z", "datePublished": "2026-01-10T05:17:19.993Z", "dateUpdated": "2026-01-10T05:17:19.993Z"}, "containers": {"cna": {"title": "RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "lang": "en", "description": "CWE-331: Insufficient Entropy", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw"}, {"name": "https://github.com/RustCrypto/elliptic-curves/pull/1600", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/elliptic-curves/pull/1600"}, {"name": "https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731"}, {"name": "https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525"}, {"name": "https://crates.io/crates/sm2/0.14.0-pre.0", "tags": ["x_refsource_MISC"], "url": "https://crates.io/crates/sm2/0.14.0-pre.0"}, {"name": "https://crates.io/crates/sm2/0.14.0-rc.0", "tags": ["x_refsource_MISC"], "url": "https://crates.io/crates/sm2/0.14.0-rc.0"}], "affected": [{"vendor": "RustCrypto", "product": "elliptic-curves", "versions": [{"version": "= 0.14.0-pre.0", "status": "affected"}, {"version": "= 0.14.0-rc.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T05:17:19.993Z"}, "descriptions": [{"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778."}], "source": {"advisory": "GHSA-w3g8-fp6j-wvqw", "discovery": "UNKNOWN"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778."}], "id": "CVE-2026-22698", "lastModified": "2026-01-10T06:15:52.220", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-10T06:15:52.220", "references": [{"source": "security-advisories@github.com", "url": "https://crates.io/crates/sm2/0.14.0-pre.0"}, {"source": "security-advisories@github.com", "url": "https://crates.io/crates/sm2/0.14.0-rc.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/elliptic-curves/pull/1600"}, {"source": "security-advisories@github.com", "url": "https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object