Bug 2440582

Summary: CVE-2026-2681 python-ckzg: blst cryptographic library: Denial of Service via out-of-bounds stack write in key generation [fedora-all]
Product: [Fedora] Fedora Reporter: Abhishek Raj <abhraj>
Component: python-ckzgAssignee: Peter Lemenkov <lemenkov>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: lemenkov
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: {"flaws": ["55fe3030-c1af-4d2e-bd6a-3f6efff09809"]}
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2026-03-04 12:43:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2440580    

Description Abhishek Raj 2026-02-18 12:31:44 UTC 
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Comment 1 Peter Lemenkov 2026-03-04 12:38:40 UTC 
CVE-2026-2681 — python-ckzg exploitability analysis

CVE-2026-2681 affects the blst_sha256_bcopy assembly routine in the blst cryptographic library, triggered by passing a zero-length salt parameter to blst_keygen_v5() (or related key generation functions). This causes an out-of-bounds stack write leading to memory corruption and process termination (DoS).

python-ckzg bundles blst v0.3.16 (via the c-kzg-4844 library), which predates the fix for this CVE. However, the vulnerable codepath is not reachable through python-ckzg:

- c-kzg-4844 uses blst exclusively for BLS12-381 curve operations (point multiplication, pairing, etc.) and blst_sha256() hashing for polynomial commitment verification.
- c-kzg-4844 does not call blst_keygen_v5(), blst_keygen_v4_5(), blst_keygen_v3(), or any other blst key generation functions:

$ grep -R blst_keygen_ src/
$ (no output)

- The Python bindings themselves are a thin FFI wrapper around the C core and contain no direct blst calls either:

$ grep -R blst_ bindings/python/
$ (no output)

The vulnerable functions are present in the statically linked blst library but are effectively dead code in the context of c-kzg-4844. There is no API path through python-ckzg that could reach blst_keygen_v5() with any parameters, let alone the zero-length salt required to trigger the flaw.

Conclusion: python-ckzg is not exploitable via CVE-2026-2681. The bundled blst will be updated to a fixed version when upstream c-kzg-4844 cuts a new release (the fix is already on their main branch: https://github.com/ethereum/c-kzg-4844/commit/5b90e0ba62d4fa5d013b3ac1508c0ab0203b67a4).