PT-2026-42855 · Botan · Botan
Yt Sun · Published 2026-05-12 · Updated 2026-05-27
CVE-2026-44378
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Botan versions prior to 3.12.0
Description
Certain patterns of indefinite length encodings in Basic Encoding Rules (BER) data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in structures required to be encoded as Distinguished Encoding Rules (DER), which specifically prohibit indefinite length encodings.
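The DER rule mentioned above can be enforced as a check before data reaches a parser. The following is an added example, not Botan's code or the 3.12.0 fix: a standalone C++ function that reads each TLV header once and rejects the `0x80` indefinite-length octet and non-minimal lengths. All names, the nesting cap of 32 and the 4-byte length limit are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using std::size_t;
using std::uint8_t;

// Illustrative names; this is not Botan's API.
enum class DerCheck { Ok, IndefiniteLength, NonMinimalLength, Malformed };

// Walk every TLV in [p, end) once, descending into constructed elements.
static DerCheck check_range(const uint8_t* p, const uint8_t* end, int depth) {
    if (depth > 32) return DerCheck::Malformed;      // assumed nesting cap
    while (p < end) {
        const uint8_t tag = *p++;
        if ((tag & 0x1F) == 0x1F) {                  // high-tag-number form
            do {
                if (p == end) return DerCheck::Malformed;
            } while (*p++ & 0x80);
        }
        if (p == end) return DerCheck::Malformed;
        const uint8_t first = *p++;
        if (first == 0x80) return DerCheck::IndefiniteLength;  // BER only
        size_t len = first;
        if (first & 0x80) {                          // long definite form
            const size_t n = first & 0x7F;
            if (n > 4 || static_cast<size_t>(end - p) < n) return DerCheck::Malformed;
            const uint8_t lead = *p;
            len = 0;
            for (size_t i = 0; i < n; ++i) len = (len << 8) | *p++;
            // DER requires the shortest possible length encoding.
            if (lead == 0 || len < 128) return DerCheck::NonMinimalLength;
        }
        if (len > static_cast<size_t>(end - p)) return DerCheck::Malformed;
        if (tag & 0x20) {                            // constructed: check children
            const DerCheck r = check_range(p, p + len, depth + 1);
            if (r != DerCheck::Ok) return r;
        }
        p += len;                                    // definite length: skip content
    }
    return DerCheck::Ok;
}

// Entry point: valid DER never contains the 0x80 indefinite-length octet.
DerCheck check_strict_der_lengths(const std::vector<uint8_t>& buf) {
    if (buf.empty()) return DerCheck::Malformed;
    return check_range(buf.data(), buf.data() + buf.size(), 0);
}
```

The check covers tag and length octets only; structures wrapped inside primitive values such as an OCTET STRING are not inspected.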
Recommendations
Update to version 3.12.0.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Botan