RUSTSEC-2023-0062

Source
https://rustsec.org/advisories/RUSTSEC-2023-0062
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0062.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0062
Aliases
Published
2023-09-13T12:00:00Z
Modified
2024-02-10T15:57:43Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
BER/CER/DER decoder panics on invalid input
Details

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

bcder 0.7.3 fixes these issues by more thoroughly checking inputs and returning errors as expected.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / bcder

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.7.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}