CVE-2026-32877
Published: 30 March 2026
Summary
CVE-2026-32877 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Botan Project Botan. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of flaws such as the heap over-read vulnerability in Botan SM2 decryption triggered by invalid ciphertext lengths.
Enforces validation of input ciphertexts prior to SM2 decryption to block malformed C3 values that bypass length checks in vulnerable Botan versions.
Implements memory protection mechanisms like randomization and non-executable heaps to mitigate exploitation of the heap over-read during Botan SM2 decryption.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated OOB read in SM2 decryption path directly enables exploitation of public-facing apps (T1190) and causes application crashes for DoS (T1499.004).
NVD Description
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison.…
more
An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
Deeper analysisAI
CVE-2026-32877 is a vulnerability in Botan, a C++ cryptography library, affecting versions from 2.3.0 up to but not including 3.11.0. The issue occurs during SM2 decryption, where the code responsible for verifying the authentication code value (C3) does not check if the encoded value matches the expected length before performing the comparison. This flaw enables an invalid ciphertext to trigger a heap over-read of up to 31 bytes, potentially leading to a crash or other undefined behavior. The vulnerability is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By supplying a specially crafted invalid ciphertext to an application using the affected Botan versions for SM2 decryption, the attacker can induce a heap over-read. This results in high availability impact through application crashes, low confidentiality impact from potential information disclosure via the over-read, and no integrity impact, though undefined behavior could lead to further consequences depending on the context.
The Botan project has addressed this issue in version 3.11.0, where the decryption code now properly validates the length of the C3 value prior to comparison. Security practitioners should upgrade to Botan 3.11.0 or later. Additional details are available in the project's security advisory at https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6.
Details
- CWE(s)