CVE-2026-34610
Received - Intake
Integer Overflow in leancrypto CN Parsing Enables Identity Impersonation

Publication date: 2026-04-02

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
The leancrypto library is a cryptographic library that exclusively contains PQC-resistant cryptographic algorithms. Prior to version 1.7.1, `lc_x509_extract_name_segment()` casts `size_t vlen` to `uint8_t` when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes of padding gets `cn_size = (uint8_t)(256 + N) = N`, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's, enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
Meta Information
Published: 2026-04-02
Last Modified: 2026-04-24
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
| --- | --- | --- |
| leancrypto | leancrypto | up to 1.7.1 (exclusive) |
| CWE ID | Description |
| --- | --- |
| CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability enables identity impersonation by allowing an attacker to craft a certificate that appears to have the same Common Name (CN) as a victim. This impersonation can be exploited in PKCS#7 verification, certificate chain matching, and code signing, potentially allowing unauthorized code execution or trust bypass.

Such impersonation and trust bypass issues can undermine the integrity of cryptographic operations and identity verification processes, which are critical for compliance with security requirements in standards like GDPR and HIPAA. These regulations mandate strong protections for identity verification and data integrity to prevent unauthorized access and ensure data security.

Therefore, this vulnerability could negatively impact compliance by weakening the assurance of identity and integrity in cryptographic processes, potentially leading to unauthorized access or data manipulation.


Can you explain this vulnerability to me?

The vulnerability in the leancrypto library involves an integer truncation bug in the function that parses the Common Name (CN) field of X.509 certificates. Specifically, the length of the CN is cast from a larger size type to an 8-bit integer, causing overflow when the CN length exceeds 255 bytes. An attacker can craft a malicious certificate with a CN that includes the victim's CN plus 256 bytes of padding. Due to the truncation, the stored CN length wraps around, making the attacker’s CN appear identical to the victim’s CN during parsing.

This flaw allows the attacker to impersonate the victim's identity in certificate verification processes such as PKCS#7 signature verification, certificate chain matching, and code signing. The root cause is improper type casting leading to data truncation and partial matching of subject names, enabling identity spoofing.
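
The narrowing cast described above, modelled next to a length check, as an added example that is not leancrypto's source or its 1.7.1 patch. The struct, the function names and the sample CN are hypothetical; only the `size_t` to `uint8_t` cast and the `cn_size` field name come from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a parsed name segment; not leancrypto's own struct. */
struct name_seg {
    const uint8_t *cn;
    uint8_t cn_size;            /* 8-bit length field */
};

/* Stores a CN. checked=0 is the vulnerable pattern: size_t narrowed to uint8_t,
 * so the length is kept mod 256. checked=1 refuses what the field cannot hold. */
static int store_cn(struct name_seg *s, const uint8_t *v, size_t vlen, int checked)
{
    if (checked && vlen > UINT8_MAX)
        return -1;
    s->cn = v;
    s->cn_size = (uint8_t)vlen;
    return 0;
}

/* Name matching over the stored fields: equal length and equal bytes. */
static int cn_equal(const struct name_seg *a, const struct name_seg *b)
{
    return a->cn_size == b->cn_size && memcmp(a->cn, b->cn, a->cn_size) == 0;
}

/* Constructed input: an N-byte CN versus the same CN followed by 256 filler
 * bytes. Returns 1 if the two names compare equal after storing. */
int long_cn_matches_short(int checked)
{
    static const uint8_t shortcn[] = "signer.example";
    uint8_t longcn[sizeof(shortcn) - 1 + 256];
    size_t n = sizeof(shortcn) - 1;
    struct name_seg a, b;

    memcpy(longcn, shortcn, n);
    memset(longcn + n, 'A', 256);
    if (store_cn(&a, shortcn, n, checked) || store_cn(&b, longcn, sizeof(longcn), checked))
        return 0;               /* rejected at parse time */
    return cn_equal(&a, &b);
}

int main(void)
{
    printf("narrowing: match=%d, checked: match=%d\n",
           long_cn_matches_short(0), long_cn_matches_short(1));
    return 0;
}
```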


How can this vulnerability impact me?

This vulnerability can allow an attacker to impersonate another entity by crafting a malicious certificate that appears to have the same Common Name (CN) as a legitimate certificate. This impersonation can be exploited in security-sensitive operations such as PKCS#7 signature verification, certificate chain validation, and code signing.

As a result, an attacker could bypass identity checks, potentially leading to unauthorized code execution or trust bypass. The vulnerability affects the integrity of the system by allowing identity spoofing, although it does not impact confidentiality or availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a flaw in the parsing of X.509 certificate Common Name (CN) fields where the CN length is truncated due to casting from size_t to uint8_t. Detection involves identifying certificates with unusually long CN fields (greater than 255 bytes) that could exploit this truncation.

To detect this on your system or network, you can inspect certificates used in your environment for CN fields exceeding 255 bytes. Commands that parse and display certificate subject names can help identify suspicious certificates.

  • Use OpenSSL to inspect certificate CN length: `openssl x509 -in certificate.pem -noout -subject` and check if the CN component length is suspiciously long.
  • Extract the CN field length programmatically, for example using OpenSSL and parsing the output with scripting languages (e.g., Python, Bash) to flag CNs longer than 255 bytes.
  • Monitor certificate chains and PKCS#7 signatures for unexpected identity matches or duplicates that could indicate impersonation attempts.
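
One way to do the programmatic length check from the list above, as an added example that is not part of leancrypto or of this advisory. It scans a DER-encoded certificate for the commonName OID (2.5.4.3) and reports the longest CN value; the function names are hypothetical, and the byte-pattern match is a heuristic rather than a full ASN.1 parser.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER bytes of the commonName attribute type, OID 2.5.4.3. */
static const uint8_t CN_OID[] = { 0x06, 0x03, 0x55, 0x04, 0x03 };

/* Decode a DER length (short or long form); returns bytes consumed, 0 on error. */
static size_t der_len(const uint8_t *p, size_t avail, size_t *out)
{
    size_t n, v = 0;
    if (avail == 0)
        return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }
    n = p[0] & 0x7f;
    if (n == 0 || n > sizeof(size_t) || n >= avail)
        return 0;
    for (size_t i = 1; i <= n; i++)
        v = (v << 8) | p[i];
    *out = v;
    return n + 1;
}

/* Longest CN value in a DER blob, 0 if none. Byte-pattern heuristic, not a
 * full ASN.1 parser: a match inside unrelated data is possible. */
size_t max_cn_len(const uint8_t *der, size_t len)
{
    size_t max = 0;
    for (size_t i = 0; i + sizeof(CN_OID) + 2 <= len; i++) {
        size_t j = i + sizeof(CN_OID) + 1;  /* skip OID TLV and string tag */
        size_t vlen, used;
        if (memcmp(der + i, CN_OID, sizeof(CN_OID)) != 0)
            continue;
        used = der_len(der + j, len - j, &vlen);
        if (used && vlen <= len - j - used && vlen > max)
            max = vlen;
    }
    return max;
}

int main(void)
{
    static uint8_t buf[1 << 20];            /* DER certificate on stdin */
    size_t len = fread(buf, 1, sizeof(buf), stdin);
    size_t cn = max_cn_len(buf, len);
    printf("longest CN: %zu bytes%s\n", cn, cn > 255 ? " (exceeds uint8_t)" : "");
    return cn > 255;
}
```

Feed it DER on stdin, for example `openssl x509 -in certificate.pem -outform DER | ./cncheck` (the binary name is a placeholder); exit status 1 means a CN longer than 255 bytes was found.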

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade the leancrypto library to version 1.7.1 or later, where the vulnerability has been fixed by correcting the size handling of X.509 subject name components.

If upgrading immediately is not possible, consider implementing strict certificate validation policies that reject certificates with unusually long CN fields or those that appear to impersonate other identities.

Additionally, review and monitor your certificate usage, especially in PKCS#7 verification, certificate chain matching, and code signing processes, to detect and block suspicious certificates.

Use the updated library features such as the selectable AES-C implementation for enhanced security, as introduced in version 1.7.1.

