CVE-2026-2681 - Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation
CVE ID : CVE-2026-2681
Published : Feb. 19, 2026, 6:58 a.m. | 1 hour, 24 minutes ago
Description : A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Feb. 19, 2026, 6:58 a.m. | 1 hour, 24 minutes ago
Description : A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...