Severity: high (7.5)
First published: Wed Sep 13 2023
Last modified: Thu Sep 14 2023
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
The vulnerability ID for this vulnerability is GHSA-6jmw-6mxw-w4jc.
The severity of GHSA-6jmw-6mxw-w4jc is high with a CVSS score of 7.5.
NLnet Labs’ bcder library up to and including version 0.7.2 is affected by this vulnerability.
To fix GHSA-6jmw-6mxw-w4jc, upgrade the bcder library to version 0.7.3 or later.
The Common Weakness Enumeration (CWE) ID for GHSA-6jmw-6mxw-w4jc is CWE-228.