CVE-2023-39914
HIGH
NLnet Labs bcder <= 0.7.2 - Denial of Service via Invalid Input Decoding
Title source: llm
Description
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage and access to the content of types that use delayed decoding.
References (1)
Core References
Vendor Advisory
https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt
Scores
CVSS v3
7.5
EPSS
0.0059
EPSS Percentile
43.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-232
CWE-240
Status
published
Products (2)
crates.io/bcder
0 - 0.7.3 (crates.io)
nlnetlabs/bcder
< 0.7.3
Published
Sep 13, 2023
Tracked Since
Feb 18, 2026