Lucene search

628 matches found

AlpineLinux
added 2026/04/07 9:13 p.m. | 3 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...

CVSS 9.1 | AI score 5.3 | EPSS 0.00198
Exploits: 0
Cvelist
added 2026/04/07 9:12 p.m. | 13 views

CVE-2026-34580 Botan has a certificate authentication bypass due to trust anchor confusion

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...

CVSS 9.3 | EPSS 0.00189
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/07 9:12 p.m. | 1 view

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...

AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/04/07 9:12 p.m. | 1 view

EUVD-2026-19947

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...

CVSS 9.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/07 9:12 p.m. | 4 views

CVE-2026-34580 Botan has a certificate authentication bypass due to trust anchor confusion

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...

CVSS 9.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 1
CVE
added 2026/04/07 9:12 p.m. | 19 views

CVE-2026-34580

CVE-2026-34580 affects Botan 3.11.0, where Certificate_Store::certificate_known could misidentify certificates during path validation. The function returned true when the DN (and subject key identifier, if set) matched the argument, without verifying the certificates were identical. A later path-...

CVSS 9.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux
added 2026/04/07 9:12 p.m. | 1 view

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...

CVSS 9.3 | AI score 5.4 | EPSS 0.00189
Exploits: 0
Positive Technologies
added 2026/04/07 12:0 a.m. | 5 views

PT-2026-31027

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.11.1
Description: The Botan cryptography library contains a flaw in the Certificate_Store::certificate_known function. This function incorrectly identifies certificates, returning true if any certificate in the store h...

CVSS 9.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 5
CNNVD
added 2026/04/07 12:0 a.m. | 4 views

Botan trust management issue vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Version 3.11.0 of Botan contains a vulnerability related to trust management. This vulnerability stems from a logical error in the Certificate_Store::certificate_known function, which may lead to the acceptance of...

CVSS 9.3 | AI score 5.8 | EPSS 0.00189
Exploits: 0 | References: 1
CNNVD
added 2026/04/07 12:0 a.m. | 3 views

Botan security vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the implementation of TLS 1.3, which processed application data records before receiving the Finished messag...

CVSS 9.1 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/07 12:0 a.m. | 3 views

PT-2026-31028

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...

CVSS 8.7 | AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/07 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished...

CVSS 9.1 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of...

CVSS 5.9 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/01 7:6 a.m. | 1 view

CVE-2026-32877

A flaw was found in Botan, a C++ cryptography library. During SM2 decryption, the library failed to validate the length of the authentication code value C3 before comparison. A remote attacker could exploit this by providing a specially crafted invalid ciphertext, leading to a heap over-read of u...

CVSS 8.2 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/01 6:56 a.m. | 6 views

CVE-2026-32883

A flaw was found in Botan. A remote attacker could exploit a vulnerability in the X509 path validation process where the signature of Online Certificate Status Protocol (OCSP) responses was not verified. This omission allows an attacker to provide forged OCSP responses, potentially leading to the...

CVSS 6.8 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/01 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate...

CVSS 5.9 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/01 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-32877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3...

CVSS 8.2 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3
Snyk
added 2026/03/30 10:36 p.m. | 3 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the OCSP response validation process. An attacker can bypass certificate revocation checks by providing a forged OCSP response, potentially enabling man-in-the-middle attacks...

CVSS 8.2 | AI score 5.9 | EPSS 0.00154
Exploits: 0 | References: 2
Snyk
added 2026/03/30 10:36 p.m. | 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the SM2 decryption process due to improper validation of the encoded C3 hash field length prior to comparison. An attacker can cause a heap buffer over-read, potentially leading to a crash or other undefined...

CVSS 8.8 | AI score 6 | EPSS 0.00278
Exploits: 0 | References: 2
OSV
added 2026/03/30 9:17 p.m. | 2 views

DEBIAN-CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

CVSS 5.9 | AI score 5.3 | EPSS 0.00158
Exploits: 0 | References: 1