NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
History

Thu, 12 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-228

Wed, 11 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
Description NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
Weaknesses CWE-232
CWE-240

cve-icon MITRE

Status: PUBLISHED

Assigner: NLnet Labs

Published: 2023-09-13T14:17:49.204Z

Updated: 2024-09-12T13:22:36.893Z

Reserved: 2023-08-07T11:55:17.843Z

Link: CVE-2023-39914

cve-icon Vulnrichment

Updated: 2024-09-12T13:22:32.617Z

cve-icon NVD

Status : Modified

Published: 2023-09-13T15:15:07.657

Modified: 2024-09-11T16:15:04.547

Link: CVE-2023-39914

cve-icon Redhat

No data.