Harutokimura

**Name of the Vulnerable Software and Affected Versions** Botan versions 2.3.0 through 3.10.9 **Description** Botan is a C++ cryptography library. During SM2 decryption, the code that checks the authentication code value (C3) does not verify the encoded value's length before comparison. This can lead to a heap over-read of up to 31 bytes from an invalid ciphertext, potentially causing a crash or undefined behavior. **Recommendations** Update to version 3.11.0 or later.

**Name of the Vulnerable Software and Affected Versions** Botan versions 3.0.0 through 3.10.9 **Description** Botan is a C++ cryptography library. During X509 path validation, versions prior to 3.11.0 did not verify the signature of Online Certificate Status Protocol (OCSP) responses, only checking for an appropriate status code. This could allow a man-in-the-middle (MitM) attack to bypass certificate revocation checks. **Recommendations** Update to Botan version 3.11.0 or later.

**Name of the Vulnerable Software and Affected Versions** Botan versions prior to 3.11.0 **Description** Botan is a C++ cryptography library. When processing X.509 certificate paths with DNS name constraints, a case-sensitive comparison of the Common Name (CN) allowed a certificate to bypass restrictions. Specifically, if an end-entity certificate lacked Subject Alternative Names, Botan incorrectly checked the CN against DNS name constraints, failing to account for mixed-case CNs. This allowed a certificate with a mixed-case CN, like `Sub.EVIL.COM`, to bypass an `excludedSubtrees` constraint for `evil.com`. This behavior violates RFC 5280 standards. **Recommendations** Update to version 3.11.0 or later.