CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt	Vendor Advisory
https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nlnetlabs:bcder:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:16

Type	Values Removed	Values Added
References	~~() https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt - Vendor Advisory~~	() https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt - Vendor Advisory

11 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-13 15:15

Updated : 2024-11-21 08:16

NVD link : CVE-2023-39914

Mitre link : CVE-2023-39914

CVE.ORG link : CVE-2023-39914

JSON object : View

Products Affected

nlnetlabs

bcder

CWE

CWE-232

Improper Handling of Undefined Values

CWE-240

Improper Handling of Inconsistent Structural Elements

NVD-CWE-noinfo

{"id": "CVE-2023-39914", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sep@nlnetlabs.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-13T15:15:07.657", "references": [{"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt", "tags": ["Vendor Advisory"], "source": "sep@nlnetlabs.nl"}, {"url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sep@nlnetlabs.nl", "description": [{"lang": "en", "value": "CWE-232"}, {"lang": "en", "value": "CWE-240"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."}, {"lang": "es", "value": "La biblioteca bder de NLnet Labs hasta la versi\u00f3n 0.7.2 incluida entra en p\u00e1nico al decodificar ciertos datos de entrada no v\u00e1lidos en lugar de rechazar los datos con un error. Esto puede afectar tanto a la etapa de decodificaci\u00f3n real como al acceso a contenidos de tipos que utilizaron decodificaci\u00f3n retrasada."}], "lastModified": "2024-11-21T08:16:01.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:bcder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01667F69-EC35-4FDC-96BE-E633C2F494C4", "versionEndExcluding": "0.7.3"}], "operator": "OR"}]}], "sourceIdentifier": "sep@nlnetlabs.nl"}