CVE-2026-24850

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24850

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24850.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24850

Aliases

GHSA-5x2r-hc65-25f9

Published

2026-01-28T00:24:53.146Z

Modified

2026-02-09T02:49:49.460614Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

Details

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be strictly increasing. The current implementation uses a non-strict monotonic check (<= instead of <), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict < comparison to <=, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24850.json",
    "cwe_ids": [
        "CWE-347"
    ]
}

References

Affected packages

Git / github.com/rustcrypto/signatures

Affected ranges

Type: GIT
Repo: https://github.com/rustcrypto/signatures
Events: Introduced

ea7a000fa4ddac2ddc3eedca2666ac1959736712

Fixed

f5901031ac84167a28c8d5c47773e13298b417b9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24850.json"