CVE-2026-44378
Botan: Quadratic complexity decoding BER indefinite length encodings
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.
| CWE | CWE-407 |
| Vendor | randombit |
| Product | botan |
| Published | May 27, 2026 |
| Last Updated | May 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for randombit botan
Be the first to know when new unknown vulnerabilities affecting randombit botan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
randombit / botan
< 3.12.0