CVE-2026-22705
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2026-22705
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22705.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-22705
- Aliases
- Published
- 2026-01-10T06:14:20.292Z
- Modified
- 2026-01-15T05:55:26.857288Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- RustCrypto: Signatures has timing side-channel in ML-DSA decomposition
- Details
-
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
- Database specific
{ "cwe_ids": [ "CWE-1240" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22705.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22705.json
- https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558
- https://github.com/RustCrypto/signatures/pull/1144
- https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7
- https://nvd.nist.gov/vuln/detail/CVE-2026-22705
Affected packages
Git / github.com/rustcrypto/signatures
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rustcrypto/signatures
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
dsa/v0.*
dsa/v0.2.0
dsa/v0.3.0
dsa/v0.4.0
dsa/v0.4.1
dsa/v0.4.2
dsa/v0.5.0
dsa/v0.5.0-pre.1
dsa/v0.5.0-rc.0
dsa/v0.5.0-rc.1
dsa/v0.6.0
dsa/v0.6.1
dsa/v0.6.2
dsa/v0.7.0-pre.0
dsa/v0.7.0-pre.1
dsa/v0.7.0-rc.0
dsa/v0.7.0-rc.1
dsa/v0.7.0-rc.2
dsa/v0.7.0-rc.3
dsa/v0.7.0-rc.4
dsa/v0.7.0-rc.5
dsa/v0.7.0-rc.6
ecdsa/0.*
ecdsa/0.11.0-pre.5
ecdsa/0.16.2
ecdsa/v0.*
ecdsa/v0.1.0
ecdsa/v0.10.0
ecdsa/v0.10.0-pre
ecdsa/v0.10.1
ecdsa/v0.10.2
ecdsa/v0.11.0
ecdsa/v0.11.0-pre.1
ecdsa/v0.11.0-pre.2
ecdsa/v0.11.0-pre.3
ecdsa/v0.11.0-pre.4
ecdsa/v0.11.0-pre.6
ecdsa/v0.11.1
ecdsa/v0.12.0
ecdsa/v0.12.1
ecdsa/v0.12.2
ecdsa/v0.12.3
ecdsa/v0.12.4
ecdsa/v0.13.0
ecdsa/v0.13.2
ecdsa/v0.13.3
ecdsa/v0.13.4
ecdsa/v0.14.0
ecdsa/v0.14.0-pre.1
ecdsa/v0.14.0-pre.2
ecdsa/v0.14.0-pre.3
ecdsa/v0.14.0-pre.5
ecdsa/v0.14.1
ecdsa/v0.14.2
ecdsa/v0.14.3
ecdsa/v0.14.4
ecdsa/v0.14.5
ecdsa/v0.14.6
ecdsa/v0.14.7
ecdsa/v0.14.8
ecdsa/v0.15.0
ecdsa/v0.15.0-pre.0
ecdsa/v0.15.0-pre.1
ecdsa/v0.15.0-rc.1
ecdsa/v0.16.0
ecdsa/v0.16.0-pre.0
ecdsa/v0.16.0-pre.1
ecdsa/v0.16.0-rc.0
ecdsa/v0.16.1
ecdsa/v0.16.3
ecdsa/v0.16.4
ecdsa/v0.16.5
ecdsa/v0.16.6
ecdsa/v0.16.7
ecdsa/v0.16.8
ecdsa/v0.16.9
ecdsa/v0.17.0-pre.0
ecdsa/v0.17.0-pre.1
ecdsa/v0.17.0-pre.2
ecdsa/v0.17.0-pre.3
ecdsa/v0.17.0-pre.4
ecdsa/v0.17.0-pre.5
ecdsa/v0.17.0-pre.6
ecdsa/v0.17.0-pre.7
ecdsa/v0.17.0-pre.8
ecdsa/v0.17.0-pre.9
ecdsa/v0.17.0-rc.0
ecdsa/v0.17.0-rc.1
ecdsa/v0.17.0-rc.2
ecdsa/v0.17.0-rc.3
ecdsa/v0.17.0-rc.4
ecdsa/v0.17.0-rc.5
ecdsa/v0.17.0-rc.6
ecdsa/v0.17.0-rc.7
ecdsa/v0.17.0-rc.8
ecdsa/v0.2.0
ecdsa/v0.2.1
ecdsa/v0.3.0
ecdsa/v0.4.0
ecdsa/v0.5.0
ecdsa/v0.5.0-pre
ecdsa/v0.6.0
ecdsa/v0.6.1
ecdsa/v0.7.0
ecdsa/v0.7.1
ecdsa/v0.7.2
ecdsa/v0.8.0
ecdsa/v0.8.1
ecdsa/v0.8.2
ecdsa/v0.8.3
ecdsa/v0.8.4
ecdsa/v0.8.5
ecdsa/v0.9.0
ed25519/2.*
ed25519/2.0.0-pre.0
ed25519/v0.*
ed25519/v0.1.0
ed25519/v0.2.0
ed25519/v1.*
ed25519/v1.0.0
ed25519/v1.0.0-pre.0
ed25519/v1.0.0-pre.1
ed25519/v1.0.0-pre.2
ed25519/v1.0.0-pre.3
ed25519/v1.0.0-pre.4
ed25519/v1.0.1
ed25519/v1.0.2
ed25519/v1.0.3
ed25519/v1.1.0
ed25519/v1.1.1
ed25519/v1.2.0
ed25519/v1.3.0
ed25519/v1.4.0
ed25519/v1.4.1
ed25519/v1.5.0
ed25519/v1.5.1
ed25519/v1.5.2
ed25519/v2.*
ed25519/v2.0.0
ed25519/v2.0.0-pre.1
ed25519/v2.0.0-pre.2
ed25519/v2.0.0-rc.0
ed25519/v2.0.1
ed25519/v2.1.0
ed25519/v2.2.0
ed25519/v2.2.1
ed25519/v2.2.2
ed25519/v2.2.3
ed25519/v2.3.0-pre.0
ed25519/v3.*
ed25519/v3.0.0-pre.0
ed25519/v3.0.0-rc.0
ed25519/v3.0.0-rc.1
ed25519/v3.0.0-rc.2
ed448/0.*
ed448/0.5.0-rc.0
ed448/v0.*
ed448/v0.5.0-rc.1
ed448/v0.5.0-rc.2
lms-signature/v0.*
lms-signature/v0.0.1
lms-signature/v0.1.0-rc.0
ml-dsa/v0.*
ml-dsa/v0.0.4
ml-dsa/v0.1.0-pre.0
ml-dsa/v0.1.0-pre.1
ml-dsa/v0.1.0-pre.2
ml-dsa/v0.1.0-rc.0
ml-dsa/v0.1.0-rc.1
rfc6979/v0.*
rfc6979/v0.1.0
rfc6979/v0.2.0
rfc6979/v0.2.0-pre.0
rfc6979/v0.3.0
rfc6979/v0.3.1
rfc6979/v0.4.0
rfc6979/v0.4.0-pre.0
rfc6979/v0.5.0-pre.0
rfc6979/v0.5.0-pre.1
rfc6979/v0.5.0-pre.2
rfc6979/v0.5.0-pre.3
rfc6979/v0.5.0-rc.0
rfc6979/v0.5.0-rc.1
rfc6979/v0.5.0-rc.2
rfc6979/v0.5.0-rc.3
slh-dsa/v0.*
slh-dsa/v0.0.2
slh-dsa/v0.0.3
slh-dsa/v0.1.0
slh-dsa/v0.2.0-rc.0