CVE-2023-39914
First published: Wed Sep 13 2023(Updated: )
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
Credit: sep@nlnetlabs.nl sep@nlnetlabs.nl sep@nlnetlabs.nl
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/bcder | <0.7.3 | 0.7.3 |
| Nlnetlabs Bcder | <0.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39914?
CVE-2023-39914 is a vulnerability in NLnet Labs' bcder library up to and including version 0.7.2 that can cause the library to panic while decoding certain invalid input data.
What is the severity of CVE-2023-39914?
CVE-2023-39914 has a severity rating of 7.5 (high).
How can CVE-2023-39914 affect my system?
CVE-2023-39914 can affect both the actual decoding stage and accessing content of types that utilize delayed decoding.
How do I know if my system is affected by CVE-2023-39914?
If you are using NLnet Labs' bcder library version 0.7.2 or earlier, your system may be affected by CVE-2023-39914.
How can I fix CVE-2023-39914?
To fix CVE-2023-39914, update your bcder library to version 0.7.3 or later.
- collector/github-advisory-latest
- alias/GHSA-6jmw-6mxw-w4jc
- alias/CVE-2023-39914
- collector/nvd-api
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- package-manager/rust
- vendor/nlnetlabs
- canonical/nlnetlabs bcder