CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

SUSE CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the BER data parsing process. An attacker can cause excessive resource consumption and service disruption by submitting specially crafted indefinite length encodings. Remediation Upgrade botan to...

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

EUVD-2026-32582

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

Botan 安全漏洞

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.12.0 contained security vulnerabilities. These vulnerabilities were caused byBER data, which led to reassembly behavior by the parser, potentially resulting in denial-of-service attack...

PT-2026-42855

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.12.0 Description Certain patterns of indefinite length encodings in Basic Encoding Rules BER data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...

[SECURITY] Fedora 44 Update: botan3-3.9.0-7.fc44

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \11 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

openSUSE 16 Security Update : Botan (openSUSE-SU-2026:20566-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20566-1 advisory. This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates...

Security update for Botan (critical)

openSUSE security update: security update for botan ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20528-1 Rating: critical References: bsc1261880 Cross-References: CVE-2026-34582 CVSS scores: CVE-2026-34582 SUSE : 9.1...

OPENSUSE-SU-2026:20566-1 Security update for Botan

This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates bsc1261993...

Security update for Botan (important)

openSUSE Security Update: Security update for Botan Announcement ID: openSUSE-SU-2026:0142-1 Rating: important References: 1261880 Cross-References: CVE-2026-34582 CVSS scores: CVE-2026-34582 SUSE: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP7 A...

Botan-3.11.1-1.1 on GA media (moderate)

Botan-3.11.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10540-1 Rating: moderate Cross-References: CVE-2026-35580 CVE-2026-35582 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2026:20528-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation bsc1261880...

OPENSUSE-SU-2026:10540-1 Botan-3.11.1-1.1 on GA media

These are all security issues fixed in the Botan-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed...