GHSA-6jmw-6mxw-w4jc

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-6jmw-6mxw-w4jc/GHSA-6jmw-6mxw-w4jc.json

Aliases

CVE-2023-39914 ( RUSTSEC-2023-0062 )

Published

2023-09-13T15:31:14Z

Modified

2023-09-14T16:41:57Z

Details

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-39914
https://github.com/NLnetLabs/bcder/commit/4da91c3fd853e3d466d8581cf1d82b7f3255de56
https://github.com/NLnetLabs/bcder
https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt
https://rustsec.org/advisories/RUSTSEC-2023-0062.html

Affected packages

crates.io / bcder

Source Details

Package Name: bcder

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.7.3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}