CVE-2023-39914

EPSS 0.19%
Published 13.09.2023 15:15:07
Last modified 21.11.2024 08:16:01
Source sep@nlnetlabs.nl
Teams watchlist Login
Open Login

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Nlnetlabs ≫ Bcder Version < 0.7.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sep@nlnetlabs.nl	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-232 Improper Handling of Undefined Values

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

CWE-240 Improper Handling of Inconsistent Structural Elements

The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39914

EUVD