Out-of-Bounds Stack Write vulnerability in the blst_sha256_bcopy assembly routine of the blst cryptographic library. The flaw is caused by a missing zero-length guard in the copy loop implementation. When blst_keygen_v5() (or related key generation functions) is called with a valid non-NULL salt pointer and salt_len equal to zero, the length counter underflows, causing the loop to execute and write beyond intended stack boundaries. This results in memory corruption and immediate process termination. This issue can be triggered without authentication or user interaction if an application exposes key generation with attacker-controlled salt parameters, leading to a denial-of-service condition.
While it is possible to trigger the crash with a zero-length salt, the parameter in question is chosen during the application development stage and remains fixed at deployment, hence can't be controlled by an untrusted party. This means the CVE in question is misclassified as a remote vulnerability. Formally speaking it shouldn't even have been allocated. However, since there is no procedure to revoke a CVE, as far as I understand, it should be amended as a non-issue. See https://github.com/supranational/blst/issues/280 for more information.
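The missing zero-length guard described in the advisory text, modelled in C as an added example; this is not blst's assembly or any code from the project. The unguarded loop only counts the bytes it would write and stops at an assumed cap, and `salt_args_ok` is a hypothetical caller-side helper, not a blst function.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of a copy loop that copies first and tests the counter afterwards,
 * with no zero-length guard. It counts the bytes it would write rather than
 * writing them, and stops at `cap` so the model itself stays in bounds. */
static size_t bytes_written_unguarded(size_t len, size_t cap)
{
    size_t written = 0;
    do {
        written++;   /* stands in for *dst++ = *src++ */
        len--;       /* len == 0 wraps to SIZE_MAX on the first pass */
    } while (len != 0 && written < cap);
    return written;
}

/* Same copy with the guard: the counter is tested before each byte is
 * copied, and the destination capacity is enforced. Returns bytes copied. */
static size_t copy_guarded(unsigned char *dst, size_t dst_cap,
                           const unsigned char *src, size_t len)
{
    size_t i;
    if (len > dst_cap)
        return 0;
    for (i = 0; i < len; i++)
        dst[i] = src[i];
    return i;
}

/* Hypothetical caller-side check (not a blst function): accept a salt only
 * when the pointer is non-NULL and the length is non-zero, which excludes
 * the non-NULL pointer / zero length pair named in the description. */
static int salt_args_ok(const unsigned char *salt, size_t salt_len)
{
    return salt != NULL && salt_len != 0;
}

int main(void)
{
    unsigned char buf[8] = {0};
    const unsigned char salt[] = "constructed-salt";   /* constructed sample */

    printf("unguarded, len=4: %zu bytes\n", bytes_written_unguarded(4, 64));
    printf("unguarded, len=0: %zu bytes (cap reached)\n", bytes_written_unguarded(0, 64));
    printf("guarded,   len=0: %zu bytes\n", copy_guarded(buf, sizeof buf, salt, 0));
    printf("salt check, len=0: %d\n", salt_args_ok(salt, 0));
    return 0;
}
```

Because the salt is a constant fixed at development time, a check like this fits naturally in a unit test or start-up assertion around the key generation call.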