8 matches found
CVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blstsha256bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681 Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blstsha256bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681 Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blstsha256bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
PT-2026-20648
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst sha256 bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
CVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blstsha256bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation...
GHSA-4G52-PQCJ-PHVH BLS Signature "Malleability"
Impact 1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. 2. Lotus block validation functions perform a uniquenes...
CVE-2021-21405
Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...
CVE-2021-21405 BLS Signature "Malleability"
Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...