Microsoft SymCrypt Heap Buffer Overflow Vulnerability in XMSSMT Signing

A heap buffer overflow vulnerability has been identified in the SymCrypt library, specifically in the SymCryptXmssSign function. This issue arises in versions 103.5.0 prior to 103.11.0. The vulnerability is caused by the function passing a 64-bit leaf count value to a helper that only accepts a 32-bit parameter. In XMSS^MT parameter sets with a total tree height of 32 or more, this leads to a silent truncation of the value to zero. Consequently, this creates a significantly undersized scratch buffer allocation, which is followed by a heap buffer overflow during the signature computation process. Exploitation of this vulnerability would require an application to use SymCrypt for XMSS^MT signing with an attacker-controlled parameter set. Such a scenario is rare, as signing operations involve private keys that must be trusted. Furthermore, XMSS(^MT) signing should only be conducted within a Hardware Security Module (HSM). In SymCrypt, XMSS(^MT) signing is available solely for testing purposes.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, where the SymCryptXmssSign function writes beyond the allocated memory buffer on the heap.

Remediation

Users can upgrade to SymCrypt version 103.11.0 to address this vulnerability.