randombit.botan is vulnerable to out-of-bounds read
Score: 53 (Medium Risk)
Affected versions of this package are vulnerable to a memory safety issue due to insufficient validation of input data during parsing of cryptographic structures. Malformed or specially crafted input may bypass expected bounds checks, leading to out-of-bounds memory access or excessive resource consumption. An attacker able to supply such input, for example via certificates or encoded parameters, could trigger crashes or undefined behavior in applications using the library. The issue is addressed by introducing stricter validation and bounds checking before processing input data.
You are affected if you are using a version that falls within the vulnerable range.
randombit.botan is vulnerable to out-of-bounds read in versions 0.0.1 - 3.10.0.
Upgrade the randombit.botan library to a patched version.