UBUNTU-CVE-2023-39914

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-39914

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39914.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-39914

Related

CVE-2023-39914

Published

2023-09-13T15:15:00Z

Modified

2024-10-15T14:11:42Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

References

Affected packages

Ubuntu:24.10 / rust-bcder

Package

Name: rust-bcder
Purl: pkg:deb/ubuntu/rust-bcder?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.7.3-1",
            "binary_name": "librust-bcder-dev"
        }
    ]
}

Ubuntu:24.04:LTS / rust-bcder

Package

Name: rust-bcder
Purl: pkg:deb/ubuntu/rust-bcder?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.1-1

0.7.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}