
CVE-2026-44378: Botan C++ Library DoS Vulnerability

CVE-2026-44378 is a denial of service flaw in the Botan C++ cryptography library caused by quadratic parser behavior with indefinite length BER encodings. This article covers technical details, affected versions, and mitigation.

CVE-2026-44378 Overview

CVE-2026-44378 is a denial of service vulnerability in the Botan C++ cryptography library affecting versions prior to 3.12.0. The flaw exists in the Basic Encoding Rules (BER) parser, which exhibits quadratic algorithmic complexity when processing certain patterns of indefinite length encodings. An attacker can supply crafted BER data to trigger excessive CPU consumption in applications that use Botan for parsing ASN.1 structures. The parser also accepts indefinite length encodings inside structures required to use Distinguished Encoding Rules (DER), which forbid such encodings. The issue is tracked under CWE-407: Inefficient Algorithmic Complexity and is fixed in Botan 3.12.0.

Critical Impact

Remote attackers can cause denial of service against any application that parses untrusted BER or DER input using a vulnerable Botan version, including TLS, X.509, and PKCS handling paths.

Affected Products

  • Botan C++ cryptography library versions prior to 3.12.0
  • Applications linking against vulnerable Botan releases for ASN.1, X.509, or PKCS parsing
  • Network services exposing TLS or certificate validation backed by Botan

Discovery Timeline

  • 2026-05-27 - CVE-2026-44378 published to NVD
  • 2026-05-27 - Last updated in NVD database

Technical Details for CVE-2026-44378

Vulnerability Analysis

The vulnerability resides in Botan's BER decoder. BER allows constructed values to use indefinite length encoding, where a value is terminated by an end-of-contents marker rather than a declared length. Specific arrangements of nested or repeated indefinite length elements cause the parser to perform work that scales quadratically with input size. An attacker submitting a small, crafted payload can therefore consume disproportionate CPU time, blocking other requests on the affected process.

The parser additionally fails to enforce the DER subset rules. DER prohibits indefinite length encodings, but the affected versions accept them inside contexts that mandate DER. This expands the attack surface to X.509 certificate parsing, PKCS structures, and TLS handshake messages that are nominally DER-encoded.

Root Cause

The root cause is inefficient algorithmic complexity in the BER decoding routines when handling indefinite length forms. Length and structure traversal does not bound per-element work relative to the total input size, producing O(n²) behavior for adversarial inputs.

Attack Vector

Exploitation is network reachable and requires no authentication or user interaction. Any endpoint that decodes attacker-controlled BER or DER data using vulnerable Botan code is exposed. Typical paths include TLS servers and clients performing certificate chain validation, S/MIME or CMS processors, and applications consuming PKCS#7, PKCS#8, or PKCS#12 blobs.

No verified public exploit code is available. Technical details are documented in the Botan GitHub Security Advisory GHSA-7q2v-3g27-6g3j.

Detection Methods for CVE-2026-44378

Indicators of Compromise

  • Sustained high CPU utilization in processes linked against Botan during ASN.1, certificate, or TLS handshake parsing
  • Inbound connections delivering unusually large or deeply nested BER structures, or DER fields containing the indefinite length marker (a length octet of 0x80)
  • Repeated TLS handshakes or certificate submissions from the same source that correlate with worker thread stalls

Detection Strategies

  • Inventory binaries and packages depending on libbotan-3 and flag versions earlier than 3.12.0
  • Inspect ASN.1 traffic for indefinite length encodings appearing inside contexts that should be DER-only, such as X.509 certificates
  • Establish CPU-time baselines for cryptographic services and alert on outliers triggered by single requests

Monitoring Recommendations

  • Forward process CPU, latency, and crash telemetry from services using Botan to a centralized analytics platform for anomaly detection
  • Enable request-level logging on TLS terminators and certificate validators to retain payload metadata for forensic review
  • Track upstream Botan releases and apply software composition analysis to detect vulnerable transitive dependencies

How to Mitigate CVE-2026-44378

Immediate Actions Required

  • Upgrade Botan to version 3.12.0 or later across all systems and rebuild dependent applications against the patched library
  • Audit third-party software bills of materials for embedded copies of Botan and coordinate vendor updates
  • Apply request size limits and CPU time quotas to services that parse untrusted ASN.1 input until patching completes

Patch Information

The fix is included in Botan 3.12.0. The patch corrects the parser's handling of indefinite length BER encodings and rejects them in DER-only contexts. Refer to the Botan GitHub Security Advisory GHSA-7q2v-3g27-6g3j for upstream commit references and release notes.

Workarounds

  • Restrict the size of accepted ASN.1, certificate, and PKCS payloads at the network or application boundary
  • Place rate limits and per-client CPU ceilings on services that decode attacker-supplied cryptographic structures
  • Where feasible, reject inputs containing the indefinite length marker (a length octet of 0x80) in DER-mandated fields prior to passing them to Botan
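
An added example (not Botan code, and not taken from the advisory) of the pre-filter described in the last workaround and in the Detection Strategies item on DER-only contexts: a linear-time TLV walk that flags 0x80 only where it sits in the length-octet position, since the same byte value is legitimate inside content. The names `der_prefilter`, `walk` and `Verdict`, and the size and depth limits, are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not Botan code. Each TLV header is parsed exactly once, so work is O(n).
enum class Verdict { Ok, IndefiniteLength, Malformed, TooDeep };

static Verdict walk(const uint8_t* p, size_t n, unsigned depth, unsigned max_depth) {
    if (depth > max_depth) return Verdict::TooDeep;
    size_t i = 0;
    while (i < n) {
        const uint8_t tag = p[i++];
        if ((tag & 0x1F) == 0x1F) {               // high-tag-number form: skip extra tag octets
            do { if (i >= n) return Verdict::Malformed; } while (p[i++] & 0x80);
        }
        if (i >= n) return Verdict::Malformed;
        const uint8_t l0 = p[i++];
        if (l0 == 0x80) return Verdict::IndefiniteLength;   // forbidden by DER
        size_t len = l0;
        if (l0 & 0x80) {                          // long form: next k octets hold the length
            const unsigned k = l0 & 0x7F;
            if (k > 4 || k > n - i) return Verdict::Malformed;
            len = 0;
            for (unsigned j = 0; j < k; ++j) len = (len << 8) | p[i++];
        }
        if (len > n - i) return Verdict::Malformed;         // value runs past its parent
        if (tag & 0x20) {                         // constructed: check the children too
            const Verdict v = walk(p + i, len, depth + 1, max_depth);
            if (v != Verdict::Ok) return v;
        }
        i += len;                                 // primitive content is skipped, never scanned
    }
    return Verdict::Ok;
}

// Size and depth limits are illustrative defaults, not values from the advisory.
Verdict der_prefilter(const std::vector<uint8_t>& buf, size_t max_size = 65536, unsigned max_depth = 32) {
    if (buf.empty() || buf.size() > max_size) return Verdict::Malformed;
    return walk(buf.data(), buf.size(), 0, max_depth);
}

int main() {
    // Constructed samples: SEQUENCE{INTEGER 5, OCTET STRING 80 80}, and an indefinite-length SEQUENCE.
    const std::vector<uint8_t> ok  = {0x30, 0x07, 0x02, 0x01, 0x05, 0x04, 0x02, 0x80, 0x80};
    const std::vector<uint8_t> bad = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00};
    std::printf("ok=%d bad=%d\n", (int)der_prefilter(ok), (int)der_prefilter(bad));
    return 0;
}
```

The walk does not look inside primitive OCTET STRING or BIT STRING values, so encodings wrapped in them (for example X.509 extension values) are not inspected; it reduces exposure at the boundary and does not replace the upgrade to 3.12.0.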

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
