Botan · Botan · CVE-2026-44378
**Name of the Vulnerable Software and Affected Versions**
Botan versions prior to 3.12.0
**Description**
Certain patterns of indefinite length encodings in Basic Encoding Rules (BER) data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in structures required to be encoded as Distinguished Encoding Rules (DER), which specifically prohibit indefinite length encodings.
**Recommendations**
Update to version 3.12.0.