CVE-2026-34610: CWE-681: Incorrect Conversion between Numeric Types in smuellerDD leancrypto
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's — enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
AI Analysis
Technical Summary
The leancrypto library, which implements PQC-resistant cryptographic algorithms, contained a vulnerability in the function lc_x509_extract_name_segment() before version 1.7.1. The function incorrectly casts the CN length from size_t to uint8_t, causing truncation of the length value. An attacker can exploit this by creating a certificate with a CN consisting of the victim's CN plus 256 bytes of padding. Due to the cast, the CN length is truncated, making the attacker's CN appear identical to the victim's CN after parsing. This enables impersonation attacks in contexts relying on CN matching, such as PKCS#7 verification, certificate chain validation, and code signing. The vulnerability is tracked as CWE-681 (Incorrect Conversion between Numeric Types) and has a CVSS 3.1 base score of 5.9 (medium severity). The issue is fixed in leancrypto version 1.7.1.
Potential Impact
An attacker can impersonate a victim's identity by crafting a certificate that appears to have the same Common Name as the victim due to the numeric truncation bug. This can lead to bypassing identity checks in PKCS#7 signature verification, certificate chain matching, and code signing processes, potentially allowing unauthorized code execution or trust misattribution. There is no indication of availability impact or confidentiality loss. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade leancrypto to version 1.7.1 or later, where the vulnerability has been patched. No other mitigations are indicated or necessary as the fix addresses the root cause of the numeric truncation.
CVE-2026-34610: CWE-681: Incorrect Conversion between Numeric Types in smuellerDD leancrypto
Description
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's — enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The leancrypto library, which implements PQC-resistant cryptographic algorithms, contained a vulnerability in the function lc_x509_extract_name_segment() before version 1.7.1. The function incorrectly casts the CN length from size_t to uint8_t, causing truncation of the length value. An attacker can exploit this by creating a certificate with a CN consisting of the victim's CN plus 256 bytes of padding. Due to the cast, the CN length is truncated, making the attacker's CN appear identical to the victim's CN after parsing. This enables impersonation attacks in contexts relying on CN matching, such as PKCS#7 verification, certificate chain validation, and code signing. The vulnerability is tracked as CWE-681 (Incorrect Conversion between Numeric Types) and has a CVSS 3.1 base score of 5.9 (medium severity). The issue is fixed in leancrypto version 1.7.1.
Potential Impact
An attacker can impersonate a victim's identity by crafting a certificate that appears to have the same Common Name as the victim due to the numeric truncation bug. This can lead to bypassing identity checks in PKCS#7 signature verification, certificate chain matching, and code signing processes, potentially allowing unauthorized code execution or trust misattribution. There is no indication of availability impact or confidentiality loss. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade leancrypto to version 1.7.1 or later, where the vulnerability has been patched. No other mitigations are indicated or necessary as the fix addresses the root cause of the numeric truncation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T17:15:52.500Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb0a7e6bfc5ba1df381e5
Added to database: 4/2/2026, 6:08:39 PM
Last enriched: 4/9/2026, 10:43:32 PM
Last updated: 5/20/2026, 12:53:31 PM
Views: 50
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.