High severity · NVD Advisory · Published Sep 13, 2023 · Updated Sep 12, 2024
BER/CER/DER decoder panics on invalid input
CVE-2023-39914
Description
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage and later access to the content of types that use delayed decoding.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bcder (crates.io) | < 0.7.3 | 0.7.3 |
Affected products
- NLnet Labs/bcder · v5 · Range: *
References
- github.com/advisories/GHSA-6jmw-6mxw-w4jc (ghsa, ADVISORY)
- nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-39914 (ghsa, ADVISORY)
- github.com/NLnetLabs/bcder/commit/4da91c3fd853e3d466d8581cf1d82b7f3255de56 (ghsa, WEB)
- rustsec.org/advisories/RUSTSEC-2023-0062.html (ghsa, WEB)