5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`<=` instead of `<`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `<` comparison to `<=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.
References
- https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9 x_refsource_CONFIRM
- https://github.com/RustCrypto/signatures/issues/894 x_refsource_MISC
- https://github.com/RustCrypto/signatures/pull/895 x_refsource_MISC
- https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a x_refsource_MISC
- https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38 x_refsource_MISC
- https://csrc.nist.gov/pubs/fips/204/final x_refsource_MISC
- https://datatracker.ietf.org/doc/html/rfc9881 x_refsource_MISC
- https://github.com/C2SP/wycheproof x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test.json x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify_test.json x_refsource_MISC
- https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9 x_refsource_CONFIRM
- https://github.com/RustCrypto/signatures/issues/894 x_refsource_MISC
- https://github.com/RustCrypto/signatures/pull/895 x_refsource_MISC
- https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37a54a x_refsource_MISC
- https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78b6089ec1f38 x_refsource_MISC
- https://csrc.nist.gov/pubs/fips/204/final x_refsource_MISC
- https://datatracker.ietf.org/doc/html/rfc9881 x_refsource_MISC
- https://github.com/C2SP/wycheproof x_refsource_MISC
- https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json x_refsource_MISC
Affected products
- ==>= 0.0.4, < 0.1.0-rc.4
Matching in nixpkgs
pkgs.python312Packages.ts1-signatures
TLS and HTTP signature and fingerprint library
-
nixos-unstable ts1-signatures-0-unstable-2024-08-10
- nixpkgs-unstable ts1-signatures-0-unstable-2024-08-10
- nixos-unstable-small ts1-signatures-0-unstable-2024-08-10
pkgs.python313Packages.ts1-signatures
TLS and HTTP signature and fingerprint library
-
nixos-unstable ts1-signatures-0-unstable-2024-08-10
- nixpkgs-unstable ts1-signatures-0-unstable-2024-08-10
- nixos-unstable-small ts1-signatures-0-unstable-2024-08-10
pkgs.perlPackages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.haskellPackages.PartialTypeSignatures
emulate partial type signatures with template haskell
pkgs.perl538Packages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.perl540Packages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.python312Packages.http-message-signatures
Requests authentication module for HTTP Signature
pkgs.python313Packages.http-message-signatures
Requests authentication module for HTTP Signature
pkgs.haskellPackages.hasktorch-signatures-types
Core types for Hasktorch backpack signatures
pkgs.python312Packages.requests-http-message-signatures
Request authentication plugin implementing IETF HTTP Message Signatures
-
nixos-unstable -
- nixos-unstable-small 0.3.0
pkgs.python313Packages.requests-http-message-signatures
Request authentication plugin implementing IETF HTTP Message Signatures
-
nixos-unstable -
- nixos-unstable-small 0.3.0
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
-
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
-
@wegank Weijia Wang <contact@weijia.wang>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>