PatchSiren cyber security CVE debrief
CVE-2026-44378 randombit CVE debrief
Botan is a C++ cryptography library. Prior to version 3.12.0, the library's BER (Basic Encoding Rules) parser exhibited quadratic time complexity when processing certain patterns of indefinite length encodings. This behavior could be exploited to cause denial of service through CPU exhaustion. The vulnerability is notable because Botan accepted indefinite length encodings even in contexts where DER (Distinguished Encoding Rules) is mandated, and DER explicitly prohibits indefinite length encodings. The issue was resolved in Botan 3.12.0.
- Vendor
- randombit
- Product
- botan
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-27
- Original CVE updated
- 2026-05-27
- Advisory published
- 2026-05-27
- Advisory updated
- 2026-05-27
Who should care
Organizations running services that process cryptographic materials with Botan, particularly those handling untrusted X.509 certificates or CMS messages; developers building applications with Botan's ASN.1 parsing APIs; security teams monitoring for denial-of-service vectors in cryptographic infrastructure
Technical summary
The Botan cryptographic library's ASN.1 BER decoder contains an algorithmic complexity vulnerability. Indefinite length encodings—constructs that use end-of-contents octets rather than explicit length fields—can be nested in ways that cause the parser to exhibit O(n²) time complexity. Because DER forbids indefinite length encodings entirely, any occurrence in DER-mandated contexts represents non-conforming input that should be rejected. The vulnerability allows remote attackers to submit crafted ASN.1 structures that consume excessive CPU resources, resulting in denial of service. The attack surface includes any application using Botan to parse X.509 certificates, PKCS#7/CMS messages, or other cryptographic protocols built on ASN.1. The fix in 3.12.0 likely adds validation to reject indefinite length encodings where DER is required and/or optimizes parser state handling to prevent quadratic behavior.
Defensive priority
medium
Recommended defensive actions
- Upgrade Botan to version 3.12.0 or later to obtain the parser hardening fix
- Review application inputs that accept BER/DER encoded cryptographic data and implement size limits as defense in depth
- Monitor for unusual CPU consumption in services processing X.509 certificates, CMS messages, or other ASN.1 structures
- If immediate patching is not feasible, consider rate limiting or input size restrictions on BER/DER processing endpoints
- Audit dependencies to identify indirect Botan usage through linked libraries or cryptographic toolchains
Evidence notes
The vulnerability description indicates that malformed BER data with specific indefinite length encoding patterns triggers pathological parser behavior. The quadratic complexity suggests that input size has a superlinear relationship with processing time, making this suitable for denial-of-service attacks. The CWE-407 classification (Inefficient Algorithmic Complexity) supports this technical assessment. The fix in 3.12.0 implies input validation or parser hardening was implemented.
Official resources
-
CVE-2026-44378 CVE record
CVE.org
-
CVE-2026-44378 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-27