CVE-2026-32877 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 30, 2026
Botan - Out of Bounds Read
Published: March 30, 2026 | Updated: March 30, 2026 | Remote Exploitable
Overview
Botan versions 2.3.0 up to, but not including, 3.11.0 contain a heap over-read caused by a missing length check on the SM2 decryption authentication code (C3). An attacker can cause a crash or undefined behavior; exploitation requires a crafted, invalid ciphertext.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Attackers can cause an application crash or undefined behavior via the heap over-read, potentially leading to denial of service.
Mitigation
Update to version 3.11.0 or later.
Details
- CVE ID: CVE-2026-32877
- Severity: High
- CVSS Score: 8.2
- Type: out_of_bounds_rw
- Status: new
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H