Skip to main content

Leancrypto EUVDEUVD-2026-18466

| CVE-2026-34610 MEDIUM
Incorrect Conversion between Numeric Types (CWE-681)
2026-04-02 GitHub_M
5.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
1.7.1
EUVD ID Assigned
Apr 02, 2026 - 18:15 euvd
EUVD-2026-18466
Analysis Generated
Apr 02, 2026 - 18:15 vuln.today
CVE Published
Apr 02, 2026 - 17:54 nvd
MEDIUM 5.9

DescriptionGitHub Advisory

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's - enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.

AnalysisAI

Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment CVSS 5.9 with AV:N/AC:H/PR:N indicates moderate severity with network accessibility but high attack complexity, reflecting the requirement for an attacker to craft a valid certificate and position it in a trust context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker obtains or creates an X.509 certificate under a domain they control (e.g., attacker.com). They craft a malicious CN value consisting of the victim's legitimate CN (e.g., 'victim.com') prefixed with 256 bytes of padding, resulting in a total of 256 + N bytes. …
Remediation Vendor-released patch: upgrade to leancrypto version 1.7.1 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server 16.1 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
SUSE Linux Enterprise Server for SAP applications 16.1 Fixed

Share

EUVD-2026-18466 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy