GHSA-6jmw-6mxw-w4jc

Suggest an improvement
Source
https://github.com/advisories/GHSA-6jmw-6mxw-w4jc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-6jmw-6mxw-w4jc/GHSA-6jmw-6mxw-w4jc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6jmw-6mxw-w4jc
Aliases
Published
2023-09-13T15:31:14Z
Modified
2024-09-11T18:45:42Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
BER/CER/DER decoder panics on invalid input
Details

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Database specific 
{
    "nvd_published_at": "2023-09-13T15:15:07Z",
    "cwe_ids": [
        "CWE-228",
        "CWE-232"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-14T16:41:57Z"
}
References

Affected packages

crates.io / bcder

Package

Name
bcder
View open source insights on deps.dev
Purl
pkg:cargo/bcder

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3