CVE-2026-35199: CWE-122: Heap-based Buffer Overflow in microsoft SymCrypt
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
AI Analysis
Technical Summary
Microsoft SymCrypt, a core cryptographic library in Windows, contains a heap-based buffer overflow in the SymCryptXmssSign function in versions 103.5.0 through 103.10.x. The vulnerability occurs because a 64-bit leaf count value is truncated to 32 bits when passed to a helper function, resulting in a buffer allocation that is too small for XMSS^MT signature computations with tree heights of 32 or greater. This buffer overflow can lead to memory corruption during signature generation. Exploitation requires the use of attacker-controlled parameter sets for XMSS^MT signing, which is unlikely in typical scenarios because signing operations require trusted private keys and are generally performed within HSMs. The vulnerability was addressed and fixed in version 103.11.0 of SymCrypt.
Potential Impact
The vulnerability can cause a heap buffer overflow during XMSS^MT signature computation, potentially leading to memory corruption and denial of service or other impacts on integrity. However, exploitation is constrained by the requirement that an application must perform XMSS^MT signing with attacker-controlled parameters, which is uncommon. Additionally, XMSS(^MT) signing is intended only for testing and should be performed in HSMs, limiting practical exposure. There are no known exploits in the wild.
Mitigation Recommendations
A fix for this vulnerability is available in SymCrypt version 103.11.0. Users and developers should upgrade to this version to remediate the issue. Since this vulnerability affects a specific and uncommon use case (XMSS^MT signing with attacker-controlled parameters), and signing should be performed in HSMs, typical users may not be exposed. No additional mitigations are indicated by the vendor advisory.
CVE-2026-35199: CWE-122: Heap-based Buffer Overflow in microsoft SymCrypt
Description
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Microsoft SymCrypt, a core cryptographic library in Windows, contains a heap-based buffer overflow in the SymCryptXmssSign function in versions 103.5.0 through 103.10.x. The vulnerability occurs because a 64-bit leaf count value is truncated to 32 bits when passed to a helper function, resulting in a buffer allocation that is too small for XMSS^MT signature computations with tree heights of 32 or greater. This buffer overflow can lead to memory corruption during signature generation. Exploitation requires the use of attacker-controlled parameter sets for XMSS^MT signing, which is unlikely in typical scenarios because signing operations require trusted private keys and are generally performed within HSMs. The vulnerability was addressed and fixed in version 103.11.0 of SymCrypt.
Potential Impact
The vulnerability can cause a heap buffer overflow during XMSS^MT signature computation, potentially leading to memory corruption and denial of service or other impacts on integrity. However, exploitation is constrained by the requirement that an application must perform XMSS^MT signing with attacker-controlled parameters, which is uncommon. Additionally, XMSS(^MT) signing is intended only for testing and should be performed in HSMs, limiting practical exposure. There are no known exploits in the wild.
Mitigation Recommendations
A fix for this vulnerability is available in SymCrypt version 103.11.0. Users and developers should upgrade to this version to remediate the issue. Since this vulnerability affects a specific and uncommon use case (XMSS^MT signing with attacker-controlled parameters), and signing should be performed in HSMs, typical users may not be exposed. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-01T18:48:58.937Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d4982faaed68159ac9fdfd
Added to database: 4/7/2026, 5:37:51 AM
Last enriched: 4/7/2026, 5:38:01 AM
Last updated: 4/8/2026, 1:53:14 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.