17 matches found
CVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681
The CVE-2026-2681 entry concerns the blst cryptographic library. The vulnerability is an out-of-bounds stack write in the blst_sha256_bcopy assembly routine caused by a missing zero-length guard. A remote attacker could exploit this by supplying a zero-length salt to key generation functions (e.g...
CVE-2026-2681 Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681 Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
PT-2026-20648
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
GO-2023-2003 Group signature validation bypass in github.com/supranational/blst
When complemented with a check for infinity, blst skips performing a signature group-check. Formally speaking, infinity is the identity element of the elliptic curve group and as such it is a member of the group, so the group-check should be performed. The fix performs the check even in the...
Weak Cryptography
github.com/supranational/blst is vulnerable to Weak Cryptography. The vulnerability exists due to logic errors in SigValidate function which results in group-check omission...
Blst has logical error in SigValidate in Go bindings
Impact: Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...
GHSA-8C37-7QX3-4C4P Blst has logical error in SigValidate in Go bindings
Impact: Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...
GO-2022-1053 Incorrect signatures in github.com/supranational/blst
Potential creation of an invalid signature from correct inputs. Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs. This could theoretically permit the creation of an invalid signature from correct inputs...
Insecure Signature Verification
blst is vulnerable to insecure signature verification. The vulnerability exists due to bindingstrim.pl, which can produce incorrect outputs for some inputs. This flaw can result in an invalid signature...
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Impact: Blst versions v0.3.0 to v0.3.2 can produce incorrect outputs for some inputs to the blst_fp_eucl_inverse function. This could theoretically result in the creation of an invalid signature from correct inputs. However, fuzzing of higher level functions such as sign and verify was unable to...
blst (=0.3.7), zeroize (>=0.6.0 <=0.7.0) potentially affected by CVE-2021-45706 via zeroize_derive (>=0.1.0 <=0.7.0)
zeroize_derive CARGO version =0.1.0, =0.6.0, =0.7.0 Source cves: CVE-2021-45706 Source advisory: OSV:GHSA-C5HX-W945-J4PQ...
GHSA-4G52-PQCJ-PHVH BLS Signature "Malleability"
Impact: 1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. 2. Lotus block validation functions perform a uniquenes...
CVE-2021-21405
Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...
CVE-2021-21405 BLS Signature "Malleability"
Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...