MEDIUM
randombit
CVE published 2026-05-27
CVE-2026-44378
Botan is a C++ cryptography library. Prior to version 3.12.0, the library's BER (Basic Encoding Rules) parser exhibited quadratic time complexity when processing certain patterns of indefinite length encodings. This behavior could be exploited to cause denial of service through CPU exhaustion. The vulnerability is notable because Botan accepted indefinite length encodings even in contexts where DER (Disti [truncated]
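DER forbids the indefinite-length form (length octet `0x80`), so a caller that expects DER can screen input in one linear pass before it reaches a BER parser. The sketch below is an added example, not Botan code and not the 3.12.0 fix; it checks length-form rules only, not the full DER rule set. The names `is_strict_der` and `max_depth` are hypothetical and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not Botan code. Returns true only if `buf` is a sequence of
// well-formed TLVs using DER length rules: definite, minimal-length form only.
// Single pass with an explicit stack, so cost is linear in buf.size().
bool is_strict_der(const std::vector<uint8_t>& buf, size_t max_depth = 64) {
    if (buf.empty()) return false;
    std::vector<size_t> ends{buf.size()};    // end offset of each open container
    size_t pos = 0;
    while (true) {
        while (ends.size() > 1 && pos == ends.back()) ends.pop_back();
        if (pos == ends.back()) return true; // only the outer buffer is left
        const size_t end = ends.back();
        const uint8_t tag = buf[pos++];
        if (tag == 0x00) return false;       // end-of-contents octet: BER only
        if ((tag & 0x1F) == 0x1F) {          // high-tag-number form
            do { if (pos >= end) return false; } while (buf[pos++] & 0x80);
        }
        if (pos >= end) return false;
        const uint8_t first = buf[pos++];
        size_t len = first;
        if (first == 0x80) return false;     // indefinite length: BER only
        if (first > 0x80) {
            const size_t n = first & 0x7F;
            if (n > sizeof(size_t) || n > end - pos) return false;
            if (buf[pos] == 0) return false; // leading zero: not minimal
            len = 0;
            for (size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
            if (len < 0x80) return false;    // short form was required
        }
        if (len > end - pos) return false;   // runs past enclosing container
        if (tag & 0x20) {                    // constructed: descend
            if (ends.size() > max_depth) return false;
            ends.push_back(pos + len);
        } else {
            pos += len;                      // primitive: skip content
        }
    }
}

int main() {
    std::vector<uint8_t> der{0x30, 0x03, 0x02, 0x01, 0x05};             // constructed sample
    std::vector<uint8_t> ber{0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00}; // constructed sample
    std::printf("%d %d\n", is_strict_der(der), is_strict_der(ber));
    return 0;
}
```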