Vulnerability Information
Vulnerability Title
Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field
Vulnerability Description
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.
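The missing length check described above, shown as an added example that is not Botan's code: an unchecked C3 comparison beside a length-checked one. All function names are hypothetical, and the 32-byte tag length assumes SM3 as the hash.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical helpers for illustration; not taken from Botan.
// Constant-time equality over exactly n bytes. The caller must guarantee
// that both buffers hold at least n bytes.
static bool ct_equal(const uint8_t* a, const uint8_t* b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; ++i) diff |= static_cast<uint8_t>(a[i] ^ b[i]);
    return diff == 0;
}

// Flawed pattern: compares computed.size() bytes without looking at how many
// bytes the decoded C3 field actually holds. A shorter `received` is read
// past its end. Kept only for contrast; never call it with a short buffer.
bool check_c3_unchecked(const std::vector<uint8_t>& computed,
                        const std::vector<uint8_t>& received) {
    return ct_equal(computed.data(), received.data(), computed.size());
}

// Hardened pattern: reject any C3 whose length differs from the hash output
// length before touching its bytes. The length is public, so the early
// return leaks nothing secret.
bool check_c3(const std::vector<uint8_t>& computed,
              const std::vector<uint8_t>& received) {
    if (received.size() != computed.size()) return false;
    return ct_equal(computed.data(), received.data(), computed.size());
}

// Bytes the unchecked form would read beyond the received buffer.
size_t overread_bytes(size_t hash_len, size_t received_len) {
    return received_len < hash_len ? hash_len - received_len : 0;
}

int main() {
    const size_t kHashLen = 32;                      // assumed: SM3 digest size
    std::vector<uint8_t> computed(kHashLen, 0x5A);   // constructed sample tag
    std::vector<uint8_t> short_c3(1, 0x5A);          // constructed undersized C3
    bool ok = !check_c3(computed, short_c3)          // rejected, no over-read
              && check_c3(computed, computed)
              && overread_bytes(kHashLen, short_c3.size()) == 31;
    return ok ? 0 : 1;
}
```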
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
Out-of-bounds Read
Vulnerability Title
Botan Buffer Error Vulnerability
Vulnerability Description
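Botan is a C++ cryptography library developed by individual developer Jack Lloyd. Botan versions 2.3.0 up to but not including 3.11.0 contain a buffer error vulnerability. The vulnerability stems from the SM2 decryption process not checking the expected length of the authentication code value, which may lead to a heap over-read, causing a crash or other undefined behavior.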
CVSS Information
N/A
Vulnerability Type
N/A