CVE-2026-32614

{"id": "CVE-2026-32614", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-16T14:19:39.160", "references": [{"url": "https://github.com/emmansun/gmsm/security/advisories/GHSA-5xxp-2vrj-x855", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1."}, {"lang": "es", "value": "La Biblioteca Go ShangMi (Criptograf\u00eda Comercial) (GMSM) es una biblioteca criptogr\u00e1fica que cubre los algoritmos criptogr\u00e1ficos p\u00fablicos comerciales chinos SM2/SM3/SM4/SM9/ZUC. Antes de la versi\u00f3n 0.41.1, la implementaci\u00f3n actual de descifrado de SM9 contiene una vulnerabilidad de falsificaci\u00f3n de texto cifrado de punto al infinito. La causa ra\u00edz es que, durante el descifrado, el punto de curva el\u00edptica C1 en el texto cifrado solo se deserializa y se verifica que est\u00e9 en la curva, pero la implementaci\u00f3n no rechaza expl\u00edcitamente el punto en el infinito. En la implementaci\u00f3n actual, un atacante puede construir C1 como el punto en el infinito, haciendo que el resultado del emparejamiento bilineal degenere en el elemento identidad en el grupo GT. Como resultado, una parte cr\u00edtica de la entrada de derivaci\u00f3n de clave se convierte en una constante predecible. Un atacante que solo conoce el UID del usuario objetivo puede derivar el material de la clave de descifrado y luego falsificar un texto cifrado que pase la verificaci\u00f3n de integridad. Esta vulnerabilidad se corrige en la versi\u00f3n 0.41.1."}], "lastModified": "2026-04-15T15:43:48.523", "sourceIdentifier": "security-advisories@github.com"}