The low-level Dilithium code as used by Libgcrypt uses a static array PRE but fills it from the CTX arg without a check. This bug needs to be fixed, but real-world severity is low because the context is a protocol- or implementation-defined constant and thus not derived from attacker-controlled data.
Reported-by: Calif.io in collaboration with Claude and Anthropic Research.
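
The kind of length check the report calls for, as an added example; this is not Libgcrypt's code or its actual fix. It assumes the FIPS 204 layout for the prefix (`0x00 || len(ctx) || ctx`) with a context of at most 255 bytes; `build_pre`, `CTX_MAX`, `PRE_MAX` and `selftest` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* FIPS 204 limits the ML-DSA context string to 255 bytes. */
#define CTX_MAX 255
/* One domain-separator byte, one length byte, then the context. */
#define PRE_MAX (2 + CTX_MAX)

/*
 * Hypothetical helper: build pre = 0x00 || len(ctx) || ctx in a
 * fixed buffer of PRE_MAX bytes. Returns the number of bytes
 * written, or -1 if the context is rejected.
 */
int build_pre(uint8_t pre[PRE_MAX], const uint8_t *ctx, size_t ctxlen)
{
    if (ctxlen > CTX_MAX)
        return -1;               /* would write past the end of pre[] */
    if (ctxlen > 0 && ctx == NULL)
        return -1;               /* length given but no data */

    pre[0] = 0;                  /* 0 selects pure (non-prehashed) signing */
    pre[1] = (uint8_t)ctxlen;    /* safe: ctxlen <= 255 checked above */
    if (ctxlen > 0)
        memcpy(pre + 2, ctx, ctxlen);
    return (int)(2 + ctxlen);
}

/* Boundary cases on constructed input; returns 0 when all pass. */
int selftest(void)
{
    uint8_t ctx[CTX_MAX + 1], pre[PRE_MAX];

    memset(ctx, 0x41, sizeof ctx);
    if (build_pre(pre, NULL, 0) != 2 || pre[1] != 0) return 1;
    if (build_pre(pre, ctx, CTX_MAX) != PRE_MAX) return 2;
    if (pre[1] != 255 || pre[PRE_MAX - 1] != 0x41) return 3;
    if (build_pre(pre, ctx, CTX_MAX + 1) != -1) return 4;
    if (build_pre(pre, NULL, 8) != -1) return 5;
    return 0;
}

int main(void)
{
    return selftest();
}
```

Rejecting the oversized context before the first write also keeps the one-byte length field from silently truncating.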