Description
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
Published: 2026-03-30
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap buffer over‑read that can cause a crash or other undefined behavior
Action: Patch
AI Analysis

Impact

The vulnerability resides in the SM2 decryption routine of the Botan cryptographic library. It stems from a missing validation of the C3 authentication code length before comparison. Maliciously crafted ciphertexts with an undersized C3 field can trigger a heap over‑read of up to 31 bytes, leading to an application crash or other undefined behavior.

Affected Systems

RandomBit Botan library versions 2.3.0 through 3.10.x are affected. The flaw has been fixed in Botan 3.11.0 and later.

Risk and Exploitability

With a CVSS score of 8.2, the vulnerability is considered high severity. EPSS data is not available and the issue is not listed in the KEV catalog, but the potential for a crash or memory corruption could be exploited by an attacker providing a malformed SM2 ciphertext. The attack vector is likely through any application that accepts SM2 ciphertexts from untrusted sources. Upgrading to the patched version mitigates this risk.

Generated by OpenCVE AI on March 31, 2026 at 05:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Botan version 3.11.0 or later.
  • If an upgrade cannot be performed immediately, validate SM2 ciphertexts to ensure the C3 hash field matches the expected length before invoking decryption.
  • Monitor for crashes or abnormal behaviour related to SM2 decryption and apply updates as soon as possible.
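The pre-decryption length check recommended above, sketched as an added example; it is not code from Botan or from this advisory. It assumes the SM2 ciphertext is the DER structure SEQUENCE { INTEGER, INTEGER, OCTET STRING C3, OCTET STRING C2 } and that the hash is SM3 (32-byte C3). The layout is not stated on this page, and `read_tlv`, `sm2_ciphertext_c3_ok` and `make_sample` are hypothetical names.

```cpp
// Added illustration (not Botan code). Assumed DER layout, not stated on this page:
//   SEQUENCE { INTEGER x1, INTEGER y1, OCTET STRING C3, OCTET STRING C2 }
#include <cstddef>
#include <cstdint>
#include <vector>

// Read one DER header at buf[pos]; on success pos is at the value and len fits the input.
bool read_tlv(const std::vector<uint8_t>& buf, size_t& pos, uint8_t tag, size_t& len) {
   if(buf.size() - pos < 2 || buf[pos] != tag) return false;
   const uint8_t first = buf[pos + 1];
   pos += 2;
   len = first;
   if(first >= 0x80) {                       // long form: 1 or 2 length bytes only
      const size_t n = first & 0x7F;
      if(n == 0 || n > 2 || buf.size() - pos < n) return false;
      len = 0;
      for(size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
      if(len < 0x80 || (n == 2 && len < 0x100)) return false;  // non-minimal
   }
   return len <= buf.size() - pos;
}

// Hypothetical guard: true only if C3 is exactly hash_len bytes (32 assumes SM3).
bool sm2_ciphertext_c3_ok(const std::vector<uint8_t>& ct, size_t hash_len = 32) {
   size_t pos = 0, len = 0;
   if(!read_tlv(ct, pos, 0x30, len) || len != ct.size() - pos) return false;
   for(int i = 0; i < 2; ++i) {              // x1, y1
      if(!read_tlv(ct, pos, 0x02, len) || len == 0) return false;
      pos += len;
   }
   if(!read_tlv(ct, pos, 0x04, len) || len != hash_len) return false;  // C3
   pos += len;
   if(!read_tlv(ct, pos, 0x04, len)) return false;                     // C2
   return pos + len == ct.size();
}

// Constructed sample with toy 1-byte coordinates and a c3_len-byte C3 (c3_len < 100).
std::vector<uint8_t> make_sample(size_t c3_len) {
   std::vector<uint8_t> body = {0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x04, static_cast<uint8_t>(c3_len)};
   body.insert(body.end(), c3_len, 0xAA);
   const uint8_t c2[] = {0x04, 0x03, 'a', 'b', 'c'};
   body.insert(body.end(), c2, c2 + 5);
   std::vector<uint8_t> ct = {0x30, static_cast<uint8_t>(body.size())};
   ct.insert(ct.end(), body.begin(), body.end());
   return ct;
}
int main() {
   return (sm2_ciphertext_c3_ok(make_sample(32)) && !sm2_ciphertext_c3_ok(make_sample(1))) ? 0 : 1;
}
```

A guard like this only filters input ahead of an unpatched library; it does not replace the upgrade to 3.11.0.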

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Randombit
Randombit botan
Vendors & Products Randombit
Randombit botan

Tue, 31 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
Title Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:26:01.443Z

Reserved: 2026-03-16T21:03:44.420Z

Link: CVE-2026-32877

Vulnrichment

Updated: 2026-03-31T15:25:57.736Z

NVD

Status: Received

Published: 2026-03-30T21:17:09.767

Modified: 2026-03-30T21:17:09.767

Link: CVE-2026-32877

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:40:03Z

Weaknesses