CVE-2026-35199: CWE-122: Heap-based Buffer Overflow in microsoft SymCrypt
CVE-2026-35199 is a heap-based buffer overflow vulnerability in Microsoft SymCrypt versions 103. 5. 0 up to but not including 103. 11. 0. The issue arises in the SymCryptXmssSign function when a 64-bit leaf count is truncated to 32 bits, causing an undersized buffer allocation and subsequent overflow during signature computation. Exploitation requires an application to perform XMSS^MT signing with attacker-controlled parameters, which is uncommon and generally restricted to trusted private keys or hardware security modules. This vulnerability is fixed in SymCrypt version 103. 11. 0.
AI Analysis
Technical Summary
Microsoft SymCrypt, a core cryptographic library used by Windows, contains a heap-based buffer overflow in the SymCryptXmssSign function in versions from 103.5.0 to before 103.11.0. The vulnerability occurs because a 64-bit leaf count parameter is passed to a helper function expecting a 32-bit value, leading to silent truncation to zero for certain XMSS^MT parameter sets with tree height >= 32. This truncation results in an undersized scratch buffer allocation and a heap overflow during signature computation. Exploitation requires the use of attacker-controlled parameter sets for XMSS^MT signing, which is uncommon since signing operations rely on trusted private keys and are typically performed in hardware security modules. XMSS^MT signing in SymCrypt is intended for testing and is not FIPS approved outside of HSMs. The issue is resolved in version 103.11.0.
Potential Impact
The vulnerability can cause a heap-based buffer overflow during XMSS^MT signature computation, potentially leading to denial of service or other impacts related to memory corruption. However, exploitation is limited by the requirement that an application must perform XMSS^MT signing with attacker-controlled parameters, which is uncommon and generally restricted to trusted environments. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in SymCrypt version 103.11.0. Users should upgrade to version 103.11.0 or later to remediate this issue. Since the vulnerability affects a specific function used primarily for testing and requires attacker-controlled signing parameters, typical usage scenarios are unlikely to be vulnerable. No additional mitigations are indicated.
CVE-2026-35199: CWE-122: Heap-based Buffer Overflow in microsoft SymCrypt
Description
CVE-2026-35199 is a heap-based buffer overflow vulnerability in Microsoft SymCrypt versions 103. 5. 0 up to but not including 103. 11. 0. The issue arises in the SymCryptXmssSign function when a 64-bit leaf count is truncated to 32 bits, causing an undersized buffer allocation and subsequent overflow during signature computation. Exploitation requires an application to perform XMSS^MT signing with attacker-controlled parameters, which is uncommon and generally restricted to trusted private keys or hardware security modules. This vulnerability is fixed in SymCrypt version 103. 11. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Microsoft SymCrypt, a core cryptographic library used by Windows, contains a heap-based buffer overflow in the SymCryptXmssSign function in versions from 103.5.0 to before 103.11.0. The vulnerability occurs because a 64-bit leaf count parameter is passed to a helper function expecting a 32-bit value, leading to silent truncation to zero for certain XMSS^MT parameter sets with tree height >= 32. This truncation results in an undersized scratch buffer allocation and a heap overflow during signature computation. Exploitation requires the use of attacker-controlled parameter sets for XMSS^MT signing, which is uncommon since signing operations rely on trusted private keys and are typically performed in hardware security modules. XMSS^MT signing in SymCrypt is intended for testing and is not FIPS approved outside of HSMs. The issue is resolved in version 103.11.0.
Potential Impact
The vulnerability can cause a heap-based buffer overflow during XMSS^MT signature computation, potentially leading to denial of service or other impacts related to memory corruption. However, exploitation is limited by the requirement that an application must perform XMSS^MT signing with attacker-controlled parameters, which is uncommon and generally restricted to trusted environments. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in SymCrypt version 103.11.0. Users should upgrade to version 103.11.0 or later to remediate this issue. Since the vulnerability affects a specific function used primarily for testing and requires attacker-controlled signing parameters, typical usage scenarios are unlikely to be vulnerable. No additional mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-01T18:48:58.937Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d4982faaed68159ac9fdfd
Added to database: 4/7/2026, 5:37:51 AM
Last enriched: 4/14/2026, 4:00:11 PM
Last updated: 5/22/2026, 1:33:15 PM
Views: 156
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.