CVE-2026-23519

High CVSS: 8.9

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.

Vendor

Rustcrypto

Product

Cmov

CWE

CWE-208

Yayın Tarihi

2026-01-15 20:16:05

Güncelleme

2026-01-23 18:59:58

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-208 Cmov HIGH Rustcrypto 2026

Referanslar

https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778 https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp

Benzer Kayıtlar

High

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for…

High

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for…

High

CVE-2026-22700

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for…

Low

CVE-2026-21895

The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from…