RUSTSEC-2026-0077

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2026-0077
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0077.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0077
Aliases
Published
2026-03-04T12:00:00Z
Modified
2026-03-27T05:55:06Z
Summary
Incorrect Check of Signer Response Norm During Verification
Details

The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma_1 - \beta$ (line 13 of Algorithm 8). The same check is required to be performed during signature generation.

libcrux-ml-dsa did not perform this check correctly during signature verification, accepting signatures with signer response norm above the allowed maximum value. The check is correctly performed during signing.

Impact

Applications using libcrux-ml-dsa for signature verification would have accepted signatures that would be rejected by a conforming implementation.

Mitigation

Starting from version 0.0.8, signature verification uses the correct value for $\gamma_1$ in the signer response norm check.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / libcrux-ml-dsa

Package

Name
libcrux-ml-dsa
View open source insights on deps.dev
Purl
pkg:cargo/libcrux-ml-dsa

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.0.8

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [
            "libcrux_ml_dsa::ml_dsa_44::verify",
            "libcrux_ml_dsa::ml_dsa_65::verify",
            "libcrux_ml_dsa::ml_dsa_87::verify"
        ],
        "os": []
    }
}

Database specific

categories 
[]
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0077.json"
informational 
null
cvss 
null