Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's - enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
AnalysisAI
Leancrypto library prior to version 1.7.1 allows remote attackers to impersonate X.509 certificate identities by crafting certificates with padded Common Names that exploit integer overflow when casting size_t to uint8_t, enabling spoofing in PKCS#7 verification, certificate chain matching, and code signing scenarios. The vulnerability has a moderate CVSS score of 5.9 (network-accessible, high complexity attack) and is not confirmed in active exploitation, though the attack is technically straightforward once a malicious certificate is crafted.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | CVSS 5.9 with AV:N/AC:H/PR:N indicates moderate severity with network accessibility but high attack complexity, reflecting the requirement for an attacker to craft a valid certificate and position it in a trust context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains or creates an X.509 certificate under a domain they control (e.g., attacker.com). They craft a malicious CN value consisting of the victim's legitimate CN (e.g., 'victim.com') prefixed with 256 bytes of padding, resulting in a total of 256 + N bytes. … |
| Remediation | Vendor-released patch: upgrade to leancrypto version 1.7.1 or later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-681 – Incorrect Conversion between Numeric Types
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18466