Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

bcder

Source -

CNANVD

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2023-39914
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.50%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 14:17
Updated-12 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BER/CER/DER decoder panics on invalid input

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-bcderbcder
CWE ID-CWE-232
Improper Handling of Undefined Values
CWE ID-CWE-240
Improper Handling of Inconsistent Structural Elements