Description

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN + 256 bytes padding gets cn_size = (uint8_t)(256 + N) = N, where N is the victim's CN length. The first N bytes of the attacker's CN are the victim's identity. After parsing, the attacker's certificate has an identical CN to the victim's — enabling identity impersonation in PKCS#7 verification, certificate chain matching, and code signing. This issue has been patched in version 1.7.1.

INFO

Published Date :

2026-04-02T17:54:53.250Z

Last Modified :

2026-04-02T17:54:53.250Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34610 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34610.

URL Resource
https://github.com/smuellerDD/leancrypto/commit/5cdcbe12bd6c3d6e87e969972a580b44a74c3a6a cve-icon cve-icon
https://github.com/smuellerDD/leancrypto/releases/tag/v1.7.1 cve-icon cve-icon
https://github.com/smuellerDD/leancrypto/security/advisories/GHSA-636g-jxv4-v4gr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact