CMAC + SERPENT/IDEA/RC2 buffer overflow/crash with oversized key

[Andreas Metzler]

On 2021-03-31 Guido Vranken via Gcrypt-devel <gcrypt-devel at gnupg.org> wrote:
> In the program below, each of three calls to cmac() causes a different
> crash (use AddressSanitizer to be sure). I think the correct approach is to
> make gcry_mac_setkey() return an error code if the key has an inappropriate
> size.
[...]

Is this exploitable?

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'