SB2026041810 - Fedora EPEL 10.3 update for botan3




Published: April 18, 2026

Security Bulletin ID: SB2026041810
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 40%
Medium: 60%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2026-32877)

The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to out-of-bounds read in the SM2 decryption authentication code value (C3) check when processing a crafted SM2 ciphertext with an undersized C3 hash field. A remote attacker can send a specially crafted SM2 ciphertext to cause a denial of service and disclose sensitive information.

The over-read is limited to up to 31 bytes and may result in other undefined behavior.


2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-32883)

The vulnerability allows a remote attacker to bypass certificate revocation checks.

The vulnerability exists due to improper verification of cryptographic signature in OCSP response verification during X509 path validation when processing OCSP responses. A remote attacker can tamper with an OCSP response body to bypass certificate revocation checks.

Exploitation requires a machine-in-the-middle position between a Botan-based client and an OCSP responder.


3) Improper Certificate Validation (CVE-ID: CVE-2026-32884)

The vulnerability allows a remote attacker to bypass DNS name constraints enforcement.

The vulnerability exists due to improper certificate validation in X.509 certificate path processing when validating a certificate chain with DNS excludedSubtrees constraints and an end-entity certificate that has a mixed-case CN and no subject alternative name. A remote attacker can present a specially crafted certificate to bypass DNS name constraints enforcement.

This issue is relevant when nameConstraints are used to restrict allowable DNS names.


4) Improper Certificate Validation (CVE-ID: CVE-2026-34580)

The vulnerability allows a remote attacker to bypass X.509 certificate verification.

The vulnerability exists due to improper certificate validation in Certificate_Store::certificate_known and path validation logic when processing a presented end entity certificate. A remote attacker can present a crafted certificate with a distinguished name and subject key identifier matching a trusted root to bypass X.509 certificate verification.

The issue occurs because the certificate lookup logic treated matching certificate attributes as if the certificates were identical, causing the end entity certificate to be accepted as a trusted root.
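
The lookup flaw described in item 4, as an added example that is not Botan's code and not part of the original bulletin: a simplified C++ model of a trust store whose "is this certificate known?" check matches on attributes only, next to a strict version. The `Cert` and `TrustStore` types, both function names and the sample bytes are hypothetical and constructed; comparing the full encoding is an assumed way to make the lookup strict, not the fix taken from the Botan patch.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Simplified stand-in for a parsed certificate (hypothetical, not Botan's X509_Certificate).
struct Cert {
    std::string subject_dn;               // subject distinguished name
    std::vector<uint8_t> subject_key_id;  // subject key identifier extension
    std::vector<uint8_t> der;             // full encoded certificate (constructed bytes here)
};

struct TrustStore {
    std::vector<Cert> roots;

    // Weak check: a matching DN and SKID is treated as "this is the trusted root".
    // Both fields are chosen by whoever builds the certificate, so they prove nothing.
    bool known_by_attributes(const Cert& c) const {
        return std::any_of(roots.begin(), roots.end(), [&](const Cert& r) {
            return r.subject_dn == c.subject_dn && r.subject_key_id == c.subject_key_id;
        });
    }

    // Strict check: DN and SKID only select candidates; the certificate counts as
    // known only if its complete encoding is identical to a stored root.
    bool known_by_encoding(const Cert& c) const {
        return std::any_of(roots.begin(), roots.end(), [&](const Cert& r) {
            return r.subject_dn == c.subject_dn && r.subject_key_id == c.subject_key_id &&
                   r.der == c.der;
        });
    }
};

// Constructed sample data: a root, and an end-entity certificate that copies its DN and SKID.
Cert sample_root() { return {"CN=Example Root CA", {0x01, 0x02, 0x03, 0x04}, {0x30, 0x82, 0xAA, 0x01}}; }
Cert sample_lookalike() { return {"CN=Example Root CA", {0x01, 0x02, 0x03, 0x04}, {0x30, 0x82, 0xBB, 0x02}}; }

int main() {
    TrustStore store{{sample_root()}};
    const Cert presented = sample_lookalike();
    // The attribute match accepts the lookalike; the encoding match rejects it
    // while still recognising the genuine root.
    bool ok = store.known_by_attributes(presented) && !store.known_by_encoding(presented) &&
              store.known_by_encoding(sample_root());
    return ok ? 0 : 1;
}
```
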


5) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2026-34582)

The vulnerability allows a remote attacker to bypass client certificate authentication.

The vulnerability exists due to improper enforcement of behavioral workflow in the TLS 1.3 implementation when processing ApplicationData records before completion of the handshake. A remote attacker can send application data records before the Finished message to bypass client certificate authentication.

This affects servers attempting to enforce client authentication via certificates, and exploitation involves omitting the Certificate, CertificateVerify, and Finished messages.


Remediation

Install update from vendor's website.