CVE-2026-44378

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.

407

Inefficient Algorithmic Complexity

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Low

View CWE Details

https://github.com/randombit/botan/security/advisories/GHSA…

https://github.com/randombit/botan/security/advisories/GHSA-7q2v-3g27-6g3j

CVE-2026-44378

Description

Inefficient Algorithmic Complexity

Common Consequences

Applicable Platforms

Iscriviti alla newsletter