CVE-2023-39914

EPSS 0.19%
Veröffentlicht 13.09.2023 15:15:07
Zuletzt bearbeitet 21.11.2024 08:16:01
Quelle sep@nlnetlabs.nl
Teams Watchlist Login
Unerledigt Login

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nlnetlabs ≫ Bcder Version < 0.7.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sep@nlnetlabs.nl	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-232 Improper Handling of Undefined Values

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

CWE-240 Improper Handling of Inconsistent Structural Elements

The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39914

EUVD