Description
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
Published: 2026-03-30
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Over-read Leading to Crash or Undefined Behavior
Action: Upgrade
AI Analysis

Impact

The vulnerability in the Botan cryptography library occurs during SM2 decryption. A check that verifies the size of the authentication code (C3) is omitted, so an attacker can supply a ciphertext that is too short and force the library to read beyond the intended buffer. This heap over‑read can reach 31 bytes and results in a crash or other undefined behavior, potentially producing a denial‑of‑service effect.

Affected Systems

All releases of Botan from version 2.3.0 up to, but not including, 3.11.0 are affected. The vulnerability appears in the SM2 decryption routine used by any application that links to the library.

Risk and Exploitability

The CVSS score of 8.2 signals high severity. The EPSS score is less than 1 % and the vulnerability is not listed in CISA’s KEV catalog. A successful exploitation requires an attacker to supply a malformed SM2 ciphertext to a component that uses Botan for decryption. The impact is limited to an application crash or other undefined behavior; no direct privilege escalation or data compromise is described in the advisory.

Generated by OpenCVE AI on April 13, 2026 at 16:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Botan to version 3.11.0 or later
  • Avoid processing untrusted SM2 ciphertext until the library is updated

Generated by OpenCVE AI on April 13, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Botan Project
Botan Project botan
CPEs cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
Vendors & Products Botan Project
Botan Project botan

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Randombit
Randombit botan
Vendors & Products Randombit
Randombit botan

Tue, 31 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
Title Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}

Subscriptions

Botan Project Botan
Randombit Botan
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:26:01.443Z

Reserved: 2026-03-16T21:03:44.420Z

Link: CVE-2026-32877

cve-icon Vulnrichment

Updated: 2026-03-31T15:25:57.736Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T21:17:09.767

Modified: 2026-04-13T13:57:30.477

Link: CVE-2026-32877

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-30T20:36:43Z

Links: CVE-2026-32877 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:42:30Z

Weaknesses