EUVD-2026-18466
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3Description
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's - enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
Analysis
Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today