RustCrypto Elliptic Curves SM2 Public-Key Encryption Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the SM2 public-key encryption (PKE) implementation of RustCrypto's Elliptic Curves library, specifically in versions 0.14.0-pre.0 and 0.14.0-rc.0. The issue arises because the decryption function performs unchecked slice operations on input buffers derived from untrusted ciphertext. An attacker can trigger it by sending short or carefully crafted DER-encoded ciphertext, which causes bounds-check panics that crash the executing thread or process. The vulnerability has been patched by replacing the unchecked slice operations with validated alternatives that verify the input length before use.
Impact
Exploitation of this vulnerability causes a thread or process crash, disrupting any application that uses this library and exposes a decryption endpoint to untrusted input.
Reproduction
The vulnerability can be reproduced by calling the 'decrypt' method with a ciphertext shorter than the expected length, which triggers a panic because the input length is not checked before slicing. Alternatively, the 'decrypt_der' method can be called with a crafted DER structure whose OCTET STRING fields are well-formed but shorter than the sizes the decoder expects, causing a similar panic when the fields are processed.
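The following added example illustrates the bug class described above and the shape of the fix; it is not code from RustCrypto's sm2 crate. The field layout is an assumed simplification of an SM2 C1C3C2 ciphertext (a 65-byte C1 point encoding, a 32-byte C3 digest, then a variable-length C2 body), and the DER reader is a minimal stand-in that handles only short-form lengths. It shows the indexing pattern that panics on short input, the length-validated replacement that returns an error instead, and the second case from the advisory: a well-formed OCTET STRING that is smaller than the fixed-size field it is supposed to fill.

```rust
// Added illustration, not RustCrypto's own code. Layout constants are an
// assumed simplification of an SM2 C1C3C2 ciphertext.
const C1_LEN: usize = 65;
const C3_LEN: usize = 32;

/// Ciphertext fields borrowed from the input buffer.
#[derive(Debug, PartialEq)]
pub struct Fields<'a> {
    pub c1: &'a [u8],
    pub c3: &'a [u8],
    pub c2: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    /// Input shorter than the fixed-size prefix (C1 || C3).
    TooShort { need: usize, have: usize },
    /// DER encoding malformed, or a field not of the expected size.
    BadDer,
}

/// The crashing pattern: each range index is bounds-checked by Rust and
/// panics when the buffer is shorter than the constant offsets.
pub fn split_unchecked(ct: &[u8]) -> Fields<'_> {
    Fields {
        c1: &ct[..C1_LEN],
        c3: &ct[C1_LEN..C1_LEN + C3_LEN],
        c2: &ct[C1_LEN + C3_LEN..],
    }
}

/// The validated pattern: check the length once up front so every later
/// split is guaranteed in bounds, and report undersized input as an error
/// the caller can reject rather than a panic.
pub fn split_checked(ct: &[u8]) -> Result<Fields<'_>, DecodeError> {
    let need = C1_LEN + C3_LEN;
    if ct.len() < need {
        return Err(DecodeError::TooShort { need, have: ct.len() });
    }
    let (c1, rest) = ct.split_at(C1_LEN);
    let (c3, c2) = rest.split_at(C3_LEN);
    Ok(Fields { c1, c3, c2 })
}

/// Minimal DER OCTET STRING reader (tag 0x04, short-form length only), an
/// assumed stand-in for a real decoder. Returns (contents, remaining bytes)
/// and fails instead of over-reading when the declared length is too large.
pub fn read_octet_string(der: &[u8]) -> Result<(&[u8], &[u8]), DecodeError> {
    let (&tag, rest) = der.split_first().ok_or(DecodeError::BadDer)?;
    let (&len, rest) = rest.split_first().ok_or(DecodeError::BadDer)?;
    if tag != 0x04 || len >= 0x80 {
        return Err(DecodeError::BadDer);
    }
    let len = usize::from(len);
    if rest.len() < len {
        return Err(DecodeError::BadDer);
    }
    Ok(rest.split_at(len))
}

/// A well-formed OCTET STRING may still be shorter than the field it should
/// carry. Copying it into a fixed-size array with `copy_from_slice` would
/// panic on a length mismatch, so the size is checked explicitly first.
pub fn c3_from_der(der: &[u8]) -> Result<[u8; C3_LEN], DecodeError> {
    let (field, _rest) = read_octet_string(der)?;
    if field.len() != C3_LEN {
        return Err(DecodeError::BadDer);
    }
    let mut c3 = [0u8; C3_LEN];
    c3.copy_from_slice(field);
    Ok(c3)
}

fn main() {
    // Constructed inputs: a ciphertext with a 16-byte C2, a deliberately short
    // one, and a valid DER OCTET STRING holding 4 bytes where 32 are expected.
    let ok = vec![0u8; C1_LEN + C3_LEN + 16];
    let short = vec![0u8; 10];
    let undersized_der = [0x04u8, 0x04, 1, 2, 3, 4];

    println!("checked ok:    {:?}", split_checked(&ok).map(|f| f.c2.len()));
    println!("checked short: {:?}", split_checked(&short).err());
    println!("der c3:        {:?}", c3_from_der(&undersized_der).err());
    // split_unchecked(&short) would panic with an index-out-of-range error.
}
```

The design point is that input length is a property of the attacker-controlled message, so every fixed offset must be validated against it before indexing; returning a `Result` keeps the failure inside the decryption call instead of unwinding the thread that serves the endpoint.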
Remediation
Users should update to the patched version of the library, which adds the length checks needed to reject undersized input. Update instructions are available in the RustCrypto Elliptic Curves GitHub repository.