Description
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.
Published: 2026-05-27
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Botan is a widely used C++ cryptography library. In versions earlier than 3.12.0, the parser accepted certain indefinite length encodings in BER data, even within structures that must be DER encoded. This misuse caused the parser to exhibit quadratic time complexity, meaning an attacker could craft BER input that would make the library consume excessive CPU and memory, leading to service interruption. The weakness is classified as CWE‑407, reflecting an inefficient algorithm that degrades performance.

Affected Systems

The affected product is the Botan library from the vendor randombit. All releases prior to 3.12.0 are vulnerable. Systems that integrate Botan for cryptographic operations—such as application servers, network devices, or any software that processes ASN.1 data—could be impacted if they use these older versions.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. Although the EPSS score is unavailable, the vulnerability is exploit‑ready: an attacker only needs to supply the crafted BER input to the library, which is often impractical to do through a network interface unless the application exposes a parsing endpoint. The vulnerability is not listed in CISA's KEV, but the potential for a denial‑of‑service attack remains because the library degrades gracefully to a high CPU state rather than crashing. Consequently, the risk is significant for services that rely heavily on Botan for data processing and cannot tolerate outages.

Generated by OpenCVE AI on May 27, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Botan to version 3.12.0 or later.
  • Configure applications to reject or sanitize indefinite length BER encodings before passing data to Botan.
  • If upgrading is not immediately feasible, isolate Botan‑dependent components and monitor CPU usage for anomalous spikes indicative of exploitation.

Generated by OpenCVE AI on May 27, 2026 at 19:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Randombit
Randombit botan
Vendors & Products Randombit
Randombit botan

Wed, 27 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.
Title Botan: Quadratic complexity decoding BER indefinite length encodings
Weaknesses CWE-407
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Randombit Botan
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T19:21:23.552Z

Reserved: 2026-05-05T20:15:20.631Z

Link: CVE-2026-44378

cve-icon Vulnrichment

Updated: 2026-05-27T19:21:11.534Z

cve-icon NVD

Status : Received

Published: 2026-05-27T18:16:23.470

Modified: 2026-05-27T18:16:23.470

Link: CVE-2026-44378

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T03:30:05Z

Weaknesses