CVE-2026-32877: CWE-125: Out-of-bounds Read in randombit botan
CVE-2026-32877 is a high-severity vulnerability in the Botan C++ cryptography library affecting versions from 2.3.0 up to but not including 3.11.0. The flaw is an out-of-bounds read (CWE-125) occurring during SM2 decryption when the authentication code (C3) length is not properly validated before comparison. An attacker can supply an invalid ciphertext that triggers a heap over-read of up to 31 bytes, potentially causing a crash or undefined behavior. Exploitation requires no authentication or user interaction and can be performed remotely. Although no known exploits are currently in the wild, the vulnerability poses a risk to any system using the affected Botan versions for SM2 cryptographic operations. The issue was fixed in Botan version 3.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-32877 resides in the SM2 decryption implementation of the Botan cryptography library. Botan versions from 2.3.0 through 3.10.x fail to validate the length of the authentication code (C3) in the ciphertext before comparing it during decryption. Because the comparison assumes C3 has its full expected length, a malformed ciphertext carrying a shorter C3 causes an out-of-bounds read (heap over-read) of up to 31 bytes. The flaw is classified under CWE-125 (Out-of-bounds Read). The over-read can cause the application using Botan to crash or exhibit undefined behavior, which might be leveraged for denial of service or, depending on the context, other memory-safety consequences. The vulnerability is remotely exploitable without requiring privileges or user interaction, which raises its risk profile. The issue was addressed and patched in Botan version 3.11.0. No public exploits or active exploitation have been reported to date. The vulnerability has a CVSS v3.1 base score of 8.2, reflecting its high severity due to ease of exploitation and impact on availability.
Potential Impact
The primary impact of this vulnerability is a denial-of-service (DoS) condition: an application crash triggered by the heap over-read. Systems relying on Botan for SM2 cryptographic operations, such as secure communications, digital signatures, or encryption, may become unstable or unavailable if targeted with crafted invalid ciphertexts. While the vulnerability does not directly disclose sensitive information (confidentiality impact is low), the undefined behavior from memory corruption could theoretically be leveraged for further exploitation depending on the application context. This risk is heightened in environments where Botan is embedded in critical infrastructure, security appliances, or widely used software libraries. Because neither authentication nor user interaction is required, attackers can trigger the issue remotely, which widens the threat surface. Organizations using affected Botan versions should weigh both the potential for service disruption and the indirect risks posed by memory safety violations.
Mitigation Recommendations
The definitive mitigation is to upgrade all Botan library deployments to version 3.11.0 or later, where the vulnerability has been patched. For organizations unable to upgrade immediately, applying custom patches or backported fixes that validate the length of the authentication code (C3) before comparison reduces the risk. Additionally, input validation at higher application layers that rejects malformed SM2 ciphertexts before they reach the library can help prevent exploitation. Running development and test builds under memory safety tools such as AddressSanitizer detects out-of-bounds reads early. Monitoring application logs for crashes or anomalies in SM2 decryption paths may provide early warning of exploitation attempts. Network-level controls that restrict or monitor traffic carrying SM2 ciphertexts from untrusted sources can also reduce exposure. Finally, maintaining an inventory of software components that use Botan ensures timely patch management.
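The following is an added illustration, not Botan's own code, of the length check the technical summary and the backport advice above describe: a fixed-length tag comparison over a C3 field that was never length-checked is what drives the over-read, and checking the length first is the fix. It assumes C3 has already been parsed out of the ciphertext into a byte vector; the 32-byte digest length is the standard SM3 output size.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed illustration, not Botan's own code. It models the check the
// advisory says was missing before Botan 3.11.0: the C3 field's length must
// be verified before it is compared with the recomputed digest. Parsing C3
// out of the ciphertext is assumed to have happened already.
namespace sm2_c3 {

constexpr std::size_t SM3_DIGEST_LEN = 32;  // standard SM3 output size

enum class Status { Ok, BadC3Length, BadDigestLength, TagMismatch };

// Constant-time byte comparison over exactly `len` bytes. It cannot know the
// real size of either buffer, so a caller that passes a 1-byte C3 together
// with len == 32 reads 31 bytes past the end of it: the CWE-125 pattern
// described on this page.
inline bool ct_equal(const std::uint8_t* a, const std::uint8_t* b, std::size_t len) {
    std::uint8_t diff = 0;
    for (std::size_t i = 0; i < len; ++i) {
        diff |= static_cast<std::uint8_t>(a[i] ^ b[i]);
    }
    return diff == 0;
}

// Hardened comparison: both lengths are checked before any byte is touched,
// so a malformed C3 is rejected instead of driving an out-of-bounds read.
Status verify_c3(const std::vector<std::uint8_t>& c3,
                 const std::vector<std::uint8_t>& recomputed_digest) {
    if (recomputed_digest.size() != SM3_DIGEST_LEN) return Status::BadDigestLength;
    if (c3.size() != SM3_DIGEST_LEN) return Status::BadC3Length;
    return ct_equal(c3.data(), recomputed_digest.data(), SM3_DIGEST_LEN)
               ? Status::Ok : Status::TagMismatch;
}

// Bytes an unchecked fixed-length compare would read beyond a C3 of `c3_len`
// bytes (0 when C3 is well-formed); handy when triaging crash reports from
// decrypt paths under AddressSanitizer.
std::size_t unchecked_overread(std::size_t c3_len) {
    return c3_len < SM3_DIGEST_LEN ? SM3_DIGEST_LEN - c3_len : 0;
}

}  // namespace sm2_c3
```

A 1-byte C3 gives `unchecked_overread(1) == 31`, matching the maximum over-read the advisory reports.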
Affected Countries
United States, Germany, China, Japan, South Korea, United Kingdom, France, Canada, Australia, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-16T21:03:44.420Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cae2bce6bfc5ba1d6c3e42
Added to database: 3/30/2026, 8:53:16 PM
Last enriched: 3/30/2026, 9:09:04 PM
Last updated: 3/31/2026, 4:10:04 AM