3 matches found
CVE-2026-32877
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CLSA-2023-1699439565 openssl: Fix of CVE-2021-3711
CVE-2021-3711: Fix an incorrect buffer size calculation leads to an overflow - Check the plaintext buffer is large enough when decrypting SM2 - Add extended tests for SM2...