漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Vulnerability Description
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height >= 32 (which includes standard predefined parameters), this causes silent truncation to zero, resulting in a drastically undersized scratch buffer allocation followed by a heap buffer overflow during signature computation. Exploiting this issue would require an application using SymCrypt to perform an XMSS^MT signature using an attacker-controlled parameter set. It is uncommon for applications to allow the use of attacker-controlled parameter sets for signing, since signing is a private key operation, and private keys must be trusted by definition. Additionally, XMSS(^MT) signing should only be performed in a Hardware Security Module (HSM). XMSS(^MT) signing is provided in SymCrypt only for testing purposes. This is a general rule irrespective of this CVE; XMSS(^MT) and other stateful signature schemes are only cryptographically secure when it is guaranteed that the same state cannot be reused for two different signatures, which cannot be guaranteed by software alone. For this reason, XMSS(^MT) signing is also not FIPS approved when performed outside of an HSM. Fixed in version 103.11.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
Microsoft Windows SymCrypt 安全漏洞
Vulnerability Description
Microsoft Windows SymCrypt是美国微软(Microsoft)公司的SymCrypt 是 Windows 当前使用的核心加密函数库。 Microsoft Windows SymCrypt 103.5.0至103.11.0之前版本存在安全漏洞,该漏洞源于SymCryptXmssSign函数存在参数截断问题,可能导致堆缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A