CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the BER data parsing process. An attacker can cause excessive resource consumption and service disruption by submitting specially crafted indefinite length encodings. Remediation Upgrade botan to...

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

Botan 安全漏洞

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.12.0 contained security vulnerabilities. These vulnerabilities were caused byBER data, which led to reassembly behavior by the parser, potentially resulting in denial-of-service attack...

PT-2026-42855

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.12.0 Description Certain patterns of indefinite length encodings in Basic Encoding Rules BER data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...

SUSE-SU-2026:21492-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

EUVD-2001-0959

Malware in sbrugna...

PT-2024-31492

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...

DEBIAN-CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

SUSE CVE-2016-9132

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned incorrect and attacker controlled length field in a way which later causes memory corruption or other failure...

SUSE CVE-2018-14343

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer...

SUSE CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values...

CVE-2020-28196

MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...

CVE-2020-14937

Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access ...

Cisco Adaptive Security Appliance Software Lightweight Directory Access Protocol Denial of Service Vulnerability (cisco-sa-20190501-asa-ftds-ldapdos)

According to its self-reported version, the Cisco ASA device is affected by a vulnerability in the implementation of the Lightweight Directory Access Protocol LDAP feature in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated,...