PT-2026-29124 · Botan · Botan

Harutokimura · Published 2026-03-30 · Updated 2026-03-31 · CVE-2026-32877

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Botan versions 2.3.0 through 3.10.9

Description: Botan is a C++ cryptography library. During SM2 decryption, the code that checks the authentication code value (C3) does not verify the encoded value's length before comparing it. An invalid ciphertext can therefore cause a heap over-read of up to 31 bytes, potentially resulting in a crash or undefined behavior.

Recommendations: Update to version 3.11.0 or later.

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2026-07567
CVE-2026-32877
GHSA-7JJ6-4R42-W9H6

Affected Products

Botan