Description
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
Published: 2026-04-06
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Apply Patch
AI Analysis

Impact

SymCrypt, a core cryptographic library built into Windows, contains a heap buffer overflow in the SymCryptXmssSign function. The bug occurs when the routine receives a 64‑bit leaf count for an XMSS‑MT key and passes it to a helper that expects a 32‑bit value. When the leaf count exceeds 32 bits, the helper truncates the value to zero, causing an undersized scratch buffer and a write beyond its bounds during signature computation. The vulnerability is a classic heap overflow (CWE‑122) that can corrupt memory and potentially allow an attacker to gain arbitrary code execution or cause a denial of service. The flaw is triggered only when an application performs an XMSS‑MT signature with an attacker‑controlled parameter set, a scenario that is unlikely in standard Windows deployments because private‑key operations normally use trusted parameters and are intended for HSM or testing use.

Affected Systems

Microsoft SymCrypt versions 103.5.0 through 103.10.x are affected. The issue resides in the SymCryptXmssSign facility, which is part of the Windows cryptographic stack. Systems that use SymCrypt directly or via higher‑level APIs to perform XMSS‑MT signing with custom parameter sets are vulnerable. The vulnerability is fixed in SymCrypt 103.11.0 and later.

Risk and Exploitability

The CVSS base score is 6.1, indicating moderate severity. EPSS data is unavailable and the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. Exploitation requires an application that issues a SymCryptXmssSign call with an attacker‑controlled XMSS‑MT parameter set—a rare scenario because signing is a secret‑key operation and XMSS‑MT signing is intended for HSM use or testing. As a result, the realistic attack surface is narrow, and practical exploitation would likely be difficult without additional privileges or configuration changes. If the prerequisites can be met, the buffer overflow could lead to arbitrary code execution or denial of service.

Generated by OpenCVE AI on April 7, 2026 at 01:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Microsoft SymCrypt to version 103.11.0 or later.
  • If an upgrade is not possible, avoid using SymCryptXmssSign with custom parameter sets and restrict signing to trusted, predefined parameters only.
  • Prefer performing XMSS‑MT signing in a Hardware Security Module or other secure enclave rather than in ordinary software.
  • Monitor applications for crashes or memory corruption and apply security updates promptly.

Generated by OpenCVE AI on April 7, 2026 at 01:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft symcrypt
Vendors & Products Microsoft
Microsoft symcrypt

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
Title SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

Subscriptions

Microsoft Symcrypt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T15:10:00.886Z

Reserved: 2026-04-01T18:48:58.937Z

Link: CVE-2026-35199

cve-icon Vulnrichment

Updated: 2026-04-07T14:56:20.545Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T20:16:27.543

Modified: 2026-04-07T13:20:11.643

Link: CVE-2026-35199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T09:37:23Z

Weaknesses