{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/heap-overread/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-32877"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve","vulnerability","heap-overread","botan"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eBotan is a C++ cryptography library. A vulnerability in SM2 decryption affects versions from 2.3.0 up to, but not including, 3.11.0. The flaw is insufficient validation of the length of the authentication code value (C3) before it is compared. An invalid ciphertext can trigger a heap over-read of up to 31 bytes, potentially causing a crash or other undefined behavior. This vulnerability, identified as CVE-2026-32877, can be exploited if the application using the library processes attacker-controlled…\u003c/p\u003e\n","date_modified":"2026-03-30T21:17:09Z","date_published":"2026-03-30T21:17:09Z","id":"/briefs/2026-03-botan-sm2-heap-overread/","summary":"Botan C++ cryptography library versions from 2.3.0 up to, but not including, 3.11.0 are vulnerable to a heap over-read during SM2 decryption due to insufficient validation of the authentication code length, potentially leading to crashes or undefined behavior.","title":"Botan SM2 Decryption Heap Over-read Vulnerability (CVE-2026-32877)","url":"https://feed.craftedsignal.io/briefs/2026-03-botan-sm2-heap-overread/"}],"language":"en","title":"CraftedSignal Threat Feed — Heap-Overread","version":"https://jsonfeed.org/version/1.1"}