RUSTSEC-2023-0062

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0062

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0062.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0062

Aliases

Published

2023-09-13T12:00:00Z

Modified

2024-02-10T15:57:43Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

BER/CER/DER decoder panics on invalid input

Details

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

bcder 0.7.3 fixes these issues by more thoroughly checking inputs and returning errors as expected.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / bcder

Package

Name: bcder; View open source insights on deps.dev
Purl: pkg:cargo/bcder

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.7.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}