Leancrypto Library X.509 Name Parser Integer Truncation Vulnerability Allowing Identity Impersonation

A vulnerability in the leancrypto library's X.509 name parsing function, lc_x509_extract_name_segment(), prior to version 1.7.1, allows for identity impersonation. The issue arises because the function improperly casts the length of the Common Name (CN) from size_t to uint8_t. An attacker can exploit this by crafting a certificate with a CN that includes the victim's CN followed by 256 bytes of padding. This manipulation causes the parsed CN length to incorrectly reflect the victim's identity, enabling impersonation during PKCS#7 verification, certificate chain matching, and code signing.

Impact

Exploitation of this vulnerability allows an attacker to impersonate a victim by crafting a certificate that appears to have the same Common Name, facilitating unauthorized actions in PKCS#7 verification, certificate chain matching, and code signing.

Reproduction

To reproduce this vulnerability, create a certificate with a Common Name that includes the target's CN followed by 256 bytes of padding. Once the certificate is parsed, it will be treated as if it has the same CN as the victim, allowing for identity impersonation.

Remediation

Users can upgrade to leancrypto version 1.7.1 or later, where this vulnerability has been patched.