CVE-2026-22705

Summary

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.

Affected Software

VendorProductVersion RangeStatus
RustCryptosignatures< 0.1.0-rc.2affected

Weaknesses

  • CWE-1240: CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References