CVE-2023-39914 – BER/CER/DER decoder panics on invalid input
https://notcve.org/view.php?id=CVE-2023-39914
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. La biblioteca bder de NLnet Labs hasta la versión 0.7.2 incluida entra en pánico al decodificar ciertos datos de entrada no válidos en lugar de rechazar los datos con un error. Esto puede afectar tanto a la etapa de decodificación real como al acceso a contenidos de tipos que utilizaron decodificación retrasada. NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. • https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-232: Improper Handling of Undefined Values CWE-240: Improper Handling of Inconsistent Structural Elements •