CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description (NVD)
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be strictly increasing. The current implementation uses a non-strict monotonic check (<= instead of <), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict < comparison to <=, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.
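The strict-ordering rule described above, sketched as an added example (not the ml-dsa crate's code): a decoder following FIPS 204 HintBitUnpack with toy parameters k = 2 and ω = 4. The function name, the `strict` flag and the sample encodings are constructed for illustration; `strict = false` models the non-strict comparison so the difference can be pinned in a regression test.

```rust
// Added sketch of FIPS 204 HintBitUnpack with toy parameters; not the ml-dsa crate's code.
// `strict = true` is the specification's check; `strict = false` models the regression.

/// Decode a packed hint: `omega` index bytes followed by `k` cumulative end offsets.
/// Returns one 256-entry bit vector per polynomial, or None for a malformed encoding.
fn hint_bit_unpack(y: &[u8], k: usize, omega: usize, strict: bool) -> Option<Vec<[bool; 256]>> {
    if y.len() != omega + k {
        return None;
    }
    let mut h = vec![[false; 256]; k];
    let mut index = 0usize;
    for i in 0..k {
        let end = y[omega + i] as usize;
        if end < index || end > omega {
            return None;
        }
        let first = index;
        while index < end {
            if index > first {
                let (prev, cur) = (y[index - 1], y[index]);
                // Spec: reject unless prev < cur. Regression: rejects only prev > cur.
                let out_of_order = if strict { prev >= cur } else { prev > cur };
                if out_of_order {
                    return None;
                }
            }
            h[i][y[index] as usize] = true;
            index += 1;
        }
    }
    // Unused index slots must be zero padding.
    if y[index..omega].iter().any(|&b| b != 0) {
        return None;
    }
    Some(h)
}

fn main() {
    // Constructed encodings, k = 2, omega = 4: [index bytes.. | end offsets]
    let canonical = [3u8, 7, 9, 0, 2, 3];
    let duplicate = [3u8, 3, 9, 0, 2, 3]; // index 3 repeated in polynomial 0
    for (name, y) in [("canonical", canonical), ("duplicate", duplicate)] {
        let strict = hint_bit_unpack(&y, 2, 4, true).is_some();
        let lax = hint_bit_unpack(&y, 2, 4, false).is_some();
        println!("{name}: strict accepts = {strict}, non-strict accepts = {lax}");
    }
}
```

A test of this shape against the real verifier, using a signature whose hint encoding repeats an index, is a direct way to confirm that an upgraded dependency rejects the non-canonical form.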
Analysis (AI)
The RustCrypto ml-dsa crate versions 0.0.4 through 0.1.0-rc.3 incorrectly validate ML-DSA digital signatures by accepting duplicate hint indices that should be strictly increasing per the FIPS 204 specification, allowing attackers to forge valid signatures that should be rejected. This regression was introduced by a comparison operator change in version 0.0.4 and affects any application relying on this crate for signature verification. …
Remediation (AI)
Within 30 days: Identify affected systems running version 0.0.4 and apply vendor patches as part of the regular patch cycle. Monitor vendor channels for patch availability.
GHSA-5x2r-hc65-25f9