CVE-2026-2681

Published: 18 Feb 2026
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.

Report

This MODERATE impact vulnerability in the blst cryptographic library can lead to a denial-of-service condition. The flaw is triggered when an application using the library's key generation API processes a zero-length salt, resulting in an out-of-bounds stack write.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Additional information

Status: Moderate
Weakness: CWE-787
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2440580
Title: github.com/supranational/blst: blst cryptographic library: Denial of Service via out-of-bounds stack write in key generation

EPSS

Percentile: 35%
Score: 0.00147
Rating: Low

CVSS3

5.3 Medium

Related vulnerabilities

CVSS3: 5.3
nvd
about 1 month ago


CVSS3: 5.3
debian
about 1 month ago

A flaw was found in the blst cryptographic library. This out-of-bounds ...

CVSS3: 5.3
github
about 1 month ago

