CVE-2026-34610

MEDIUM 5.9

leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

3th

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's — enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.

CWE	CWE-681
Vendor	smuellerdd
Product	leancrypto
Published	Apr 2, 2026
Last Updated	Apr 3, 2026

Stay Ahead of the Next One

Get instant alerts for smuellerdd leancrypto

Be the first to know when new medium vulnerabilities affecting smuellerdd leancrypto are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

smuellerDD / leancrypto

< 1.7.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/smuellerDD/leancrypto/security/advisories/GHSA-636g-jxv4-v4gr github.com: https://github.com/smuellerDD/leancrypto/commit/5cdcbe12bd6c3d6e87e969972a580b44a74c3a6a github.com: https://github.com/smuellerDD/leancrypto/releases/tag/v1.7.1