[gnutls-devel] GnuTLS | Null Pointer Dereference in x86 Hash Fast Backend via `gnutls_hash_fast()` (#1899)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jun 5 02:02:32 CEST 2026
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/work_items/1899#note_3424218379
> `gnutls_hash_fast(GNUTLS_DIG_SHA256, NULL, 64, digest);`
This is an API mis-use, which is out of scope of our threat model: https://gitlab.com/gnutls/gnutls/-/blob/master/SECURITY.md?ref_type=heads#threat-model
If we were to address it, that would be adding an `assert` to be clear that it is a programming error of the application.
Please stop reporting issues in this class of problems.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1899#note_3424218379
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/5-33j0odg273gnxdiiwmrix8bd4-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260605/df5207a7/attachment.html>
More information about the Gnutls-devel
mailing list