Skip to main content

Botan EUVDEUVD-2026-32582

| CVE-2026-44378 MEDIUM
Inefficient Algorithmic Complexity (CWE-407)
2026-05-27 security-advisories@github.com
6.9
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 21:07 vuln.today
Patch available
May 27, 2026 - 19:46 EUVD

DescriptionGitHub Advisory

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.

AnalysisAI

Quadratic-complexity denial of service in Botan's BER parser affects all versions prior to 3.12.0, allowing unauthenticated remote attackers to exhaust CPU resources by submitting crafted ASN.1 data. The parser accepted indefinite-length encodings even in structures required to use DER (which explicitly prohibits them), and specific patterns of such encodings trigger O(n²) algorithmic behavior. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Technical ContextAI

Botan is a widely used C++ cryptography library implementing TLS, X.509, PKCS structures, and related protocols. BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules) are ASN.1 serialization formats foundational to PKI and cryptographic messaging; DER is a strict, canonical subset of BER that explicitly disallows indefinite-length encodings to ensure deterministic parsing. The vulnerability (CWE-407: Inefficient Algorithmic Complexity) arises because Botan's BER parser did not enforce the DER prohibition on indefinite-length encodings in contexts where only DER is valid, and the parsing logic for certain patterns of these encodings scales quadratically with input size rather than linearly. Affected versions are all Botan releases below 3.12.0, as confirmed by EUVD-2026-32582 listing 'Botan < 3.12.0'. No CPE strings were supplied in the source data.

RemediationAI

Upgrade Botan to version 3.12.0 or later, which fixes the issue by enforcing rejection of indefinite-length encodings in DER-required parsing contexts and resolving the quadratic complexity. The vendor advisory at https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j provides authoritative patch guidance. Patch version 3.12.0 is confirmed by the vendor advisory. If immediate upgrade is not feasible, restrict the application so that BER/DER data is only accepted from authenticated or trusted sources, reducing the unauthenticated attack surface. Additionally, impose strict size limits on ASN.1 inputs at the application or network boundary (e.g., cap certificate or CMS message size) to bound worst-case parser runtime; note this is a partial mitigation that does not eliminate the quadratic behavior. Rate-limiting connections or requests that trigger certificate or ASN.1 parsing can further reduce DoS blast radius but introduces latency trade-offs for legitimate high-volume use cases.

More in Botan

View all
CVE-2016-2195 CRITICAL
9.8 May 13

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers t

CVE-2016-2196 CRITICAL
9.8 May 13

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cau

CVE-2017-2801 MEDIUM POC
6.5 May 24

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string compariso

CVE-2024-50383 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/d

CVE-2024-50382 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils

CVE-2021-40529 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery

CVE-2018-12435 MEDIUM POC
5.9 Jun 15

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of

CVE-2015-7826 CRITICAL
9.8 Apr 10

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers t

CVE-2016-6878 CRITICAL
9.8 Apr 10

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to

CVE-2016-9132 CRITICAL
9.8 Jan 30

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect l

CVE-2021-24115 CRITICAL
9.8 Feb 22

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, ba

CVE-2018-9127 CRITICAL
9.8 Apr 02

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as v

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed

Share

EUVD-2026-32582 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy