CVE-2024-34702 in botan
Summary
by MITRE • 07/08/2024
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/06/2025
The vulnerability CVE-2024-34702 affects the Botan cryptography library, a widely-used C++ implementation for cryptographic operations including X.509 certificate handling. This issue specifically targets the processing of X.509 certificate name constraints, which are used to limit the names that can be present in certificates issued by a particular certificate authority. The flaw manifests when certificates employ elliptic curve identification through either object identifiers or explicit parameter encoding, creating a complex validation scenario that becomes computationally expensive under certain conditions.
The technical implementation flaw stems from inefficient algorithmic complexity in the name constraint validation process. When processing X.509 certificates containing numerous SubjectAlternativeName entries alongside CA certificates with extensive name constraints, the library exhibits quadratic time complexity behavior O(n²) where n represents the number of names and constraints involved. This computational inefficiency occurs because the validation routine performs nested iterations through both the certificate names and constraint sets without optimal optimization strategies. The vulnerability is categorized under CWE-798 as it represents a potential for excessive resource consumption through algorithmic complexity manipulation.
The operational impact of this vulnerability presents a significant denial of service risk to systems relying on Botan for certificate validation. An attacker could craft malicious certificate chains with deliberately inflated SubjectAlternativeName entries and corresponding extensive name constraints in the issuing CA certificates. When such certificates are processed by vulnerable Botan versions, the quadratic complexity causes dramatic performance degradation or complete system hang, effectively preventing legitimate certificate validation operations. This attack vector is particularly dangerous in high-throughput environments such as web servers, email systems, or any application processing certificate chains, where the denial of service could disrupt critical services for extended periods.
The mitigation strategy involves upgrading to Botan version 3.5.0 or applying the partial backport available in version 2.19.5, which includes optimized name constraint validation algorithms. System administrators should prioritize updating their Botan implementations across all environments where certificate validation occurs, particularly in production systems handling certificate chains from untrusted sources. Additional defensive measures include implementing certificate validation timeouts, monitoring for unusual certificate processing patterns, and establishing certificate chain validation limits to prevent exploitation of this vulnerability in environments where immediate upgrades are not feasible. This vulnerability aligns with ATT&CK technique T1499.001 for resource exhaustion attacks, specifically targeting the availability of cryptographic validation services through computational complexity manipulation.