Description
The leancrypto library is a cryptographic library that exclusively contains PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's, enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
Published: 2026-04-02
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Certificate Identity Impersonation
Action: Immediate Patch
AI Analysis

Impact

The vulnerable function in leancrypto cast a size_t length to a uint8_t when storing the Common Name length in a certificate. An attacker can supply a CN field that is 256 bytes longer than the victim’s CN. Because the high byte is truncated, the parsed length wraps to the victim’s CN length and the first N bytes of the attacker’s CN match the victim’s name. The resulting certificate appears to have the victim’s identity, allowing an attacker to forge PKCS#7 signatures, bypass certificate chain matching, or sign code that will be trusted as the victim.

The weakness is an integer truncation error controlled by attacker‑supplied certificate data, creating the possibility of certificate impersonation. The exploit requires constructing a malicious certificate; the attacker can embed this certificate in any PKCS#7 or code‑signing workflow that relies on leancrypto for name parsing. The risk is limited to environments that use this library for certificate handling, and the impact is on confidentiality and integrity of signed data.

Affected systems are those using smuellerDD:leancrypto prior to version 1.7.1. The patch was applied in v1.7.1, restoring proper size handling for CN lengths. Severity is moderate with a CVSS score of 5.9, no EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a crafted certificate presented to an application that uses leancrypto for verification.
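The narrowing conversion described above, shown beside a range-checked form. This is an added example, not leancrypto's code or its 1.7.1 patch; the struct, the function names and the sample CN are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical parsed-name record; not leancrypto's actual structure. */
struct name_seg {
    const uint8_t *cn;
    uint8_t cn_size; /* 8-bit length field, as in the CVE description */
};

/* Pre-fix pattern: size_t narrowed to uint8_t without a range check. */
static void store_cn_truncating(struct name_seg *n, const uint8_t *v, size_t vlen)
{
    n->cn = v;
    n->cn_size = (uint8_t)vlen; /* 256 + N is stored as N */
}

/* Hardened pattern: reject any length the field cannot represent. */
static int store_cn_checked(struct name_seg *n, const uint8_t *v, size_t vlen)
{
    if (vlen > UINT8_MAX)
        return -1;
    n->cn = v;
    n->cn_size = (uint8_t)vlen;
    return 0;
}

/* Name comparison as a verifier would do it on the parsed records. */
static int cn_equal(const struct name_seg *a, const struct name_seg *b)
{
    return a->cn_size == b->cn_size && memcmp(a->cn, b->cn, a->cn_size) == 0;
}

/* Constructed sample: a legitimate CN, and the same CN plus 256 pad bytes. */
static const char legit[] = "signer.example.org";
static uint8_t padded[sizeof(legit) - 1 + 256];

/* Returns 1 if the padded CN compares equal to the legitimate one after parsing. */
int padded_matches(int use_checked)
{
    struct name_seg a, b = { NULL, 0 };
    size_t n = sizeof(legit) - 1;
    memcpy(padded, legit, n);
    memset(padded + n, 'A', 256);
    store_cn_truncating(&a, (const uint8_t *)legit, n);
    if (use_checked) /* over-long CN is rejected at parse time, so no match */
        return store_cn_checked(&b, padded, sizeof(padded)) == 0 && cn_equal(&a, &b);
    store_cn_truncating(&b, padded, sizeof(padded));
    return cn_equal(&a, &b);
}
int main(void) { return !(padded_matches(0) == 1 && padded_matches(1) == 0); }
```

Compiling with `-Wconversion` flags implicit narrowing of this kind; the explicit cast in the pre-fix pattern silences that warning, which is why the range check has to be written out.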

Affected Systems

Products: leancrypto library by smuellerDD. Versions before v1.7.1 are affected. The CVE affects any deployment of leancrypto that performs X.509 CN parsing.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate risk. Exploitation requires the attacker to create a certificate with a Common Name padded by 256 bytes, which can be done offline. Because the vulnerability is only in name parsing, lateral movement or system compromise requires the attacker to force certificate verification in the target application. No public exploits are known, and the vulnerability is not catalogued in KEV. However, the ability to impersonate a certificate authority or sign code means potential for significant damage if the library is used in security-sensitive contexts.

Generated by OpenCVE AI on April 2, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading leancrypto to version 1.7.1 or later.



Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Smuellerdd; Smuellerdd leancrypto |
| Vendors & Products | | Smuellerdd; Smuellerdd leancrypto |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The leancrypto library is a cryptographic library that exclusively contains PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's, enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1. |
| Title | | leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation |
| Weaknesses | | CWE-681 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T17:25:10.195Z

Reserved: 2026-03-30T17:15:52.500Z

Link: CVE-2026-34610

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-02T18:16:32.567

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34610

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:17:09Z

Weaknesses