Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.
AnalysisAI
Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.
Technical ContextAI
CROSS is a post-quantum cryptographic signature algorithm implemented in C. The vulnerability exists in crypto_sign_open(), a function responsible for verifying and extracting messages from signed data. The root cause is a missing bounds check on the smlen (signed message length) parameter before it is used to calculate memory offsets. When smlen is smaller than the expected signature structure size (sizeof(CROSS_sig_t)), an integer underflow occurs, causing the function to write beyond allocated buffer boundaries on the stack. This is a classic stack-based buffer overflow (CWE-121) in cryptographic message processing code. The affected code path is triggered during signature verification operations, a fundamental operation in any public-key infrastructure using CROSS.
RemediationAI
Update CROSS implementation to commit fc6b7e7 or later, which adds the critical bounds check: if (smlen < (size_t) sizeof(CROSS_sig_t)) { return -1; }. Users should pull the latest code from the CROSS-signature/CROSS-implementation GitHub repository main branch and rebuild. For organizations unable to update immediately, disable CROSS signature verification in production systems until patching is complete, or restrict signature processing to messages of known minimum length validated at the application layer before calling crypto_sign_open(). If CROSS is used in hybrid schemes (with traditional algorithms), fall back to the non-CROSS signature verification path. The patch is a simple defensive check with no performance or compatibility side effects - there is no reason to delay deployment.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28598