
CVE-2023-39914

Severity: high (7.5)

First published: Wed Sep 13 2023

Last modified: Fri Sep 15 2023

CWE: 228

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage and accessing the content of types that use delayed decoding.

Any of

  • rust/bcder
    <0.7.3
    fixed in: 0.7.3
  • Nlnetlabs Bcder
    <0.7.3

FAQ

  • What is CVE-2023-39914?

    CVE-2023-39914 is a vulnerability in NLnet Labs' bcder library up to and including version 0.7.2 that can cause the library to panic while decoding certain invalid input data.

  • What is the severity of CVE-2023-39914?

    CVE-2023-39914 has a severity rating of 7.5 (high).

  • How can CVE-2023-39914 affect my system?

    CVE-2023-39914 can affect both the actual decoding stage and accessing content of types that utilize delayed decoding.

  • How do I know if my system is affected by CVE-2023-39914?

    If you are using NLnet Labs' bcder library version 0.7.2 or earlier, your system may be affected by CVE-2023-39914.

  • How can I fix CVE-2023-39914?

    To fix CVE-2023-39914, update your bcder library to version 0.7.3 or later.
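One way to check a Rust project against the affected range above is to inspect its `Cargo.lock`. The following is an added example, not code from NLnet Labs or from this advisory; the function names and the sample lockfile contents are constructed for illustration, and the parser assumes the usual `name`/`version` line layout of `Cargo.lock` rather than using a TOML library.

```rust
// Flag bcder versions older than the fixed release in Cargo.lock text (std only).
const FIXED: (u64, u64, u64) = (0, 7, 3); // first fixed release per the advisory

/// Parse "MAJOR.MINOR.PATCH"; a pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Extract the string value of a `key = "value"` line, if the line has that key.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return every locked bcder version below FIXED; unparsable versions are
/// reported as well so that they get a manual review.
fn affected_bcder_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_bcder = false;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_bcder = false; // a new package entry starts
        } else if let Some(name) = value_of(line, "name") {
            in_bcder = name == "bcder";
        } else if let Some(ver) = value_of(line, "version") {
            if in_bcder && parse_version(ver).map_or(true, |v| v < FIXED) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile contents (not from a real project).
const SAMPLE: &str = r#"
[[package]]
name = "bcder"
version = "0.7.2"
[[package]]
name = "bytes"
version = "1.4.0"
"#;

fn main() {
    for v in affected_bcder_versions(SAMPLE) {
        println!("bcder {v} is affected by CVE-2023-39914; upgrade to 0.7.3 or later");
    }
}
```

Because bcder is often pulled in as a transitive dependency, the lockfile is the place to look rather than `Cargo.toml`.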
