๐Ÿ” CVE Alert

CVE-2026-50185

UNKNOWN 0.0

RustCrypto Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits are zero-extended when loading values smaller than a register, so set high bits such as [8..] in a Cmov selector or [16..] of self or other in the u16 and i16 CmovEq implementations can cause left.cmovz(&right, condition) to produce incorrect output. This issue is fixed in version 0.5.4.

CWE CWE-758
Vendor rustcrypto
Product utils
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for rustcrypto utils

Be the first to know when new unknown vulnerabilities affecting rustcrypto utils are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

RustCrypto / utils
>= 0.1.1, < 0.5.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/RustCrypto/utils/security/advisories/GHSA-3rjw-m598-pq24 github.com: https://github.com/RustCrypto/utils/commit/dba6c355c9f241e3726d5ec2a68f9f3b519f6063 github.com: https://github.com/RustCrypto/utils/releases/tag/cmov-v0.5.4