Nixpkgs security tracker

Permalink CVE-2026-2681

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 2 months ago Activity log

Created suggestion 2 months ago

Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stack write in key generation

A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functions, such as blst_keygen_v5(), if the application exposes this functionality. Successful exploitation leads to memory corruption and immediate process termination, resulting in a denial-of-service (DoS) condition.

References

https://access.redhat.com/security/cve/CVE-2026-2681 vdb-entryx_refsource_REDHAT
RHBZ#2440580 issue-trackingx_refsource_REDHAT

Affected products

blst

=<0.3.16

Matching in nixpkgs

pkgs.blst

Multilingual BLS12-381 signature library

nixos-unstable 0.3.16
- nixpkgs-unstable 0.3.16
- nixos-unstable-small 0.3.16
nixos-25.11 0.3.16
- nixos-25.11-small 0.3.16
- nixpkgs-25.11-darwin 0.3.16

pkgs.haskellPackages.hsblst

Haskell bindings to BLST

nixos-unstable 0.0.4
- nixpkgs-unstable 0.0.4
- nixos-unstable-small 0.0.4
nixos-25.11 0.0.4
- nixos-25.11-small 0.0.4
- nixpkgs-25.11-darwin 0.0.4

Package maintainers

@iquerejeta Inigo Querejeta-Azurmendi
@yvan-sraka Yvan Sraka <yvan@sraka.xyz>