CVE-2026-23519

Source
https://cve.org/CVERecord?id=CVE-2026-23519
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23519.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23519
Aliases
Related
Published
2026-01-15T19:13:54.440Z
Modified
2026-01-18T03:44:36.431686Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Summary
RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz
Details

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant time and not be rewritten as branches by the compiler. Prior to 0.4.4, the compiler emits non-constant-time assembly for the thumbv6m-none-eabi target (Cortex M0, M0+ and M1) when the portable version of cmovnz is used. This vulnerability is fixed in 0.4.4.

Database specific
{
    "cwe_ids": [
        "CWE-208"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23519.json"
}
References

Affected packages

Git / github.com/rustcrypto/utils

Affected ranges

Type
GIT
Repo
https://github.com/rustcrypto/utils
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

base64ct-v0.*

base64ct-v0.1.0
base64ct-v0.1.1
base64ct-v0.1.2
base64ct-v0.2.0

blobby-v0.*

blobby-v0.1.0
blobby-v0.1.1
blobby-v0.1.2
blobby-v0.2.0
blobby-v0.3.0

block-buffer-v0.*

block-buffer-v0.10.0-pre
block-buffer-v0.10.0-pre.1
block-buffer-v0.10.0-pre.2
block-buffer-v0.5.0
block-buffer-v0.5.1
block-buffer-v0.6.0
block-buffer-v0.7.0
block-buffer-v0.7.1
block-buffer-v0.7.2
block-buffer-v0.7.3
block-buffer-v0.8.0
block-buffer-v0.9.0

block-padding-v0.*

block-padding-v0.1.1
block-padding-v0.1.2
block-padding-v0.1.3
block-padding-v0.1.4
block-padding-v0.1.5
block-padding-v0.2.0
block-padding-v0.2.1
block-padding-v0.3.0-pre

byte-tools-v0.*

byte-tools-v0.3.0
byte-tools-v0.3.1

collectable-v0.*

collectable-v0.0.1
collectable-v0.0.2

const-oid-v0.*

const-oid-v0.1.0
const-oid-v0.2.0
const-oid-v0.3.0
const-oid-v0.3.1
const-oid-v0.3.2
const-oid-v0.3.3
const-oid-v0.3.4
const-oid-v0.3.5
const-oid-v0.4.0
const-oid-v0.4.1
const-oid-v0.4.2
const-oid-v0.4.3

dbl-v0.*

dbl-v0.2.0
dbl-v0.2.1
dbl-v0.3.0
dbl-v0.3.1

der-v0.*

der-v0.1.0
der-v0.2.0
der-v0.2.0-pre
der-v0.2.1
der-v0.2.2
der-v0.2.3
der-v0.2.4
der-v0.2.5
der-v0.2.6
der-v0.2.7
der-v0.2.8
der-v0.2.9

der_derive-v0.*

der_derive-v0.1.0
der_derive-v0.2.0
der_derive-v0.2.1
der_derive-v0.2.2

hex-literal-impl-v0.*

hex-literal-impl-v0.2.1
hex-literal-impl-v0.2.2

hex-literal-v0.*

hex-literal-v0.1.2
hex-literal-v0.1.3
hex-literal-v0.1.4
hex-literal-v0.2.0
hex-literal-v0.2.1
hex-literal-v0.3.0
hex-literal-v0.3.1

opaque-debug-v0.*

opaque-debug-v0.2.1
opaque-debug-v0.2.2
opaque-debug-v0.3.0

opaque-debug_v0.*

opaque-debug_v0.1.0
opaque-debug_v0.2.0
opaque-debug_v0.2.1

pkcs5-v0.*

pkcs5-v0.1.0
pkcs5-v0.1.1

pkcs8-v0.*

pkcs8-v0.1.0
pkcs8-v0.1.1
pkcs8-v0.2.0
pkcs8-v0.2.1
pkcs8-v0.2.2
pkcs8-v0.3.0
pkcs8-v0.3.1
pkcs8-v0.3.2
pkcs8-v0.3.3
pkcs8-v0.4.0
pkcs8-v0.4.0-pre
pkcs8-v0.4.1
pkcs8-v0.5.0
pkcs8-v0.5.1
pkcs8-v0.5.2
pkcs8-v0.5.3
pkcs8-v0.5.4

spki-v0.*

spki-v0.1.0
spki-v0.2.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23519.json"