Tag
Botan C++ cryptography library versions 2.3.0 before 3.11.0 are vulnerable to a heap over-read during SM2 decryption due to insufficient validation of the authentication code length, potentially leading to crashes or undefined behavior.