Lucene search

9 matches found

Cvelist
added 2026/05/27 4:34 p.m. | 39 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVSS 6.9 | EPSS 0.00324
Exploits: 0 | References: 1
AstraLinux
added 2026/01/13 2:1 p.m. | 3 views

Astra Linux – Vulnerability in Botan

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or by explicitly encoding the parameters. Before versions 3.5.0 and 2.19.5, checking name constraints in X.509 certificates was quadratic in terms of the number of names and name...

CVSS 5.3 | AI score 5.9 | EPSS 0.00845
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2016-7763

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01232
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-7722

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01686
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-7764

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00558
Exploits: 0 | References: 3
NVD
added 2024/10/23 5:15 p.m. | 14 views

CVE-2024-50382

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 | EPSS 0.00546
Exploits: 1 | References: 4
OSV
added 2024/10/23 5:15 p.m. | 6 views

AZL-51707 CVE-2024-50382 affecting package botan2 2.14.0-2

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 | AI score 5.8 | EPSS 0.00546
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 5:13 a.m. | 3 views

SUSE CVE-2015-7826

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com...

CVSS 9.8 | AI score 7.3 | EPSS 0.01115
Exploits: 0 | References: 3
OSV
added 2016/05/13 2:59 p.m. | 0 views

UBUNTU-CVE-2015-5727

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...

CVSS 7.5 | AI score 7.2 | EPSS 0.01483
Exploits: 0 | References: 3