{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39914", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2023-08-07T11:55:17.843Z", "datePublished": "2023-09-13T14:17:49.204Z", "dateUpdated": "2024-09-12T13:22:36.893Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "bcder", "vendor": "NLnet Labs", "versions": [{"lessThan": "0.7.3", "status": "affected", "version": "*", "versionType": "semver"}, {"lessThan": "*", "status": "unaffected", "version": "0.7.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Haya Shulman"}, {"lang": "en", "type": "finder", "value": "Donika Mirdita"}, {"lang": "en", "type": "finder", "value": "Niklas Vogel"}], "datePublic": "2023-09-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."}], "metrics": [{"cvssV3_1": {"baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-232", "description": "CWE-232: Improper Handling of Undefined Values", "lang": "en", "type": "CWE"}, {"cweId": "CWE-240", "description": "CWE-240: Improper Handling of Inconsistent Structural Elements", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2024-09-11T15:34:05.255Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.7.3 and all later versions."}], "timeline": [{"lang": "en", "time": "2023-07-19T18:00:00.000Z", "value": "Issue reported by Haya Shulman"}, {"lang": "en", "time": "2023-09-13T14:00:00.000Z", "value": "Fixes released"}], "title": "BER/CER/DER decoder panics on invalid input"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.086Z"}, "title": "CVE Program Container", "references": [{"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt", "tags": ["vendor-advisory", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T13:22:23.054203Z", "id": "CVE-2023-39914", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:22:36.893Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39914", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-12T13:22:23.054203Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-12T13:22:32.617Z"}}], "cna": {"title": "BER/CER/DER decoder panics on invalid input", "credits": [{"lang": "en", "type": "finder", "value": "Haya Shulman"}, {"lang": "en", "type": "finder", "value": "Donika Mirdita"}, {"lang": "en", "type": "finder", "value": "Niklas Vogel"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NLnet Labs", "product": "bcder", "versions": [{"status": "affected", "version": "*", "lessThan": "0.7.3", "versionType": "semver"}, {"status": "unaffected", "version": "0.7.3", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-07-19T18:00:00.000Z", "value": "Issue reported by Haya Shulman"}, {"lang": "en", "time": "2023-09-13T14:00:00.000Z", "value": "Fixes released"}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.7.3 and all later versions."}], "datePublic": "2023-09-13T00:00:00.000Z", "references": [{"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-232", "description": "CWE-232: Improper Handling of Undefined Values"}, {"lang": "en", "type": "CWE", "cweId": "CWE-240", "description": "CWE-240: Improper Handling of Inconsistent Structural Elements"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2024-09-11T15:34:05.255Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39914", "state": "PUBLISHED", "dateUpdated": "2024-09-11T15:34:05.255Z", "dateReserved": "2023-08-07T11:55:17.843Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2023-09-13T14:17:49.204Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:bcder:*:*:*:*:*:*:*:*", "matchCriteriaId": "01667F69-EC35-4FDC-96BE-E633C2F494C4", "versionEndExcluding": "0.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."}, {"lang": "es", "value": "La biblioteca bder de NLnet Labs hasta la versi\u00f3n 0.7.2 incluida entra en p\u00e1nico al decodificar ciertos datos de entrada no v\u00e1lidos en lugar de rechazar los datos con un error. Esto puede afectar tanto a la etapa de decodificaci\u00f3n real como al acceso a contenidos de tipos que utilizaron decodificaci\u00f3n retrasada."}], "id": "CVE-2023-39914", "lastModified": "2024-11-21T08:16:01.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sep@nlnetlabs.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-13T15:15:07.657", "references": [{"source": "sep@nlnetlabs.nl", "tags": ["Vendor Advisory"], "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-232"}, {"lang": "en", "value": "CWE-240"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}