
blst Library: Zero-Length Salt Triggers Crash

CVE-2026-2681
Summary

The blst library has a vulnerability that is triggered when a program using it passes a zero-length salt to a key generation function. This can crash the program, making the system unavailable until it is restarted. Updating the blst library to a fixed version prevents this issue.

Original title
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. ...
Original description
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-787 Out-of-bounds Write
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026