Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
AnalysisAI
Heap buffer overflow in Microsoft SymCrypt versions 103.5.0 through 103.10.x allows local authenticated attackers to cause denial of service or limited integrity compromise via silent truncation of a 64-bit leaf count parameter to 32 bits in the SymCryptXmssSign function during XMSS^MT signature operations with tree height >= 32. Real-world risk is significantly mitigated by the requirement for attacker-controlled signing parameters (uncommon in production), the private-key-operation context, and Microsoft's explicit guidance that XMSS^MT signing should only occur in Hardware Security Modules and is provided in SymCrypt for testing purposes only. No public exploit code or active exploitation has been identified.
Technical ContextAI
SymCrypt is Microsoft's core cryptographic function library integrated into Windows. The vulnerability exists in the SymCryptXmssSign function, which implements the XMSS^MT (eXtended Merkle Signature Scheme Multi-Tree) stateful signature algorithm. The root cause (CWE-122: Heap-based Buffer Overflow) stems from a type mismatch: the function accepts a 64-bit leaf count value but passes it to a helper function accepting only a 32-bit parameter. For XMSS^MT configurations with total tree height >= 32 bits (including all standard predefined parameter sets), this causes automatic truncation to zero. The zero value leads to undersized scratch buffer allocation, which is subsequently overflowed during signature computation. XMSS^MT is a quantum-resistant stateful signature scheme requiring strict state management across signing operations-a property that cannot be guaranteed by software alone, which is why it is restricted to HSM deployment in production environments.
RemediationAI
Vendor-released patch: SymCrypt version 103.11.0 or later. Organizations using SymCrypt 103.5.0 through 103.10.x should upgrade to version 103.11.0 or later. As a best practice independent of this CVE, XMSS^MT signature operations should only be performed within a Hardware Security Module environment, and direct use of XMSS^MT signing in software should be avoided in production deployments. For organizations unable to immediately patch, restrict local system access to trusted administrators only and audit any code paths that invoke SymCryptXmssSign to confirm parameter sources are not attacker-controlled. Refer to the GitHub Security Advisory (https://github.com/microsoft/SymCrypt/security/advisories/GHSA-rvj8-8h6x-hjmg) for additional context and deployment guidance.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19472