High severity 7.5 · NVD Advisory · Published May 27, 2026 · Updated Jun 2, 2026
CVE-2026-44378
Description
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.
Affected products
- (no CPE), range: <3.12.0
- cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*, range: <3.12.0
- (no CPE), range: <3.12.0
References
- github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j (nvd, Vendor Advisory)