CVE-2023-39914

HIGH

bcder <0.7.2 - Info Disclosure

Title source: llm

Description

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

References (1)

[Vendor Advisory] https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 47.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-232 CWE-240

Status published

Products (2)

crates.io/bcder 0 - 0.7.3crates.io

nlnetlabs/bcder < 0.7.3

Published Sep 13, 2023

Tracked Since Feb 18, 2026