CVE-2026-2681

A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2026-2681
https://bugzilla.redhat.com/show_bug.cgi?id=2440580

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró un defecto en la librería criptográfica blst. Esta vulnerabilidad de escritura fuera de límites en la pila, específicamente en la rutina de ensamblador blst_sha256_bcopy, ocurre debido a que falta una guarda de longitud cero. Un atacante en remoto puede explotar esto al proporcionar un parámetro de 'salt' de longitud cero a funciones de generación de claves, como blst_keygen_v5(), si la aplicación expone esta funcionalidad. Si se logra explotar con éxito se provoca una corrupción de memoria y la terminación inmediata del proceso, lo que resulta en una condición de denegación de servicio (DoS).

19 Feb 2026, 07:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 07:17

Updated : 2026-06-17 10:31

NVD link : CVE-2026-2681

Mitre link : CVE-2026-2681

CVE.ORG link : CVE-2026-2681

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-2681", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2681", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T21:32:20.328139Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "affected": [{"source": "patrick@puiterwijk.org", "affectedData": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.3.16"}], "packageName": "blst", "collectionURL": "https://github.com/supranational/blst", "defaultStatus": "unaffected"}]}], "published": "2026-02-19T07:17:47.270", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-2681", "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440580", "source": "patrick@puiterwijk.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en la librer\u00eda criptogr\u00e1fica blst. Esta vulnerabilidad de escritura fuera de l\u00edmites en la pila, espec\u00edficamente en la rutina de ensamblador blst_sha256_bcopy, ocurre debido a que falta una guarda de longitud cero. Un atacante en remoto puede explotar esto al proporcionar un par\u00e1metro de 'salt' de longitud cero a funciones de generaci\u00f3n de claves, como blst_keygen_v5(), si la aplicaci\u00f3n expone esta funcionalidad. Si se logra explotar con \u00e9xito se provoca una corrupci\u00f3n de memoria y la terminaci\u00f3n inmediata del proceso, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2026-06-17T10:31:31.800", "sourceIdentifier": "patrick@puiterwijk.org"}