3 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SM2 decryption process due to improper validation of the encoded C3 hash field length prior to comparison. An attacker can cause a heap buffer over-read, potentially leading to a crash or other undefined...
EUVD-2026-17210
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...
CVE-2026-23966
CVE-2026-23966 (sm-crypto) affects the JavaScript library implementing SM2/SM3/SM4. The vulnerability resides in the SM2 decryption logic, where an attacker can recover the private key by repeatedly invoking the SM2 decryption interface. The issue exists in versions prior to 0.3.14; version 0.3.1...