Lucene search

Ubuntu.comUB:CVE-2023-39914

HistorySep 13, 2023 - 12:00 a.m.

CVE-2023-39914

2023-09-1300:00:00

ubuntu.com

nlnet labs

bcder library

vulnerability

invalid input data

decoding

delayed decoding

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

NLnet Labs’ bcder library up to and including version 0.7.2 panics while
decoding certain invalid input data rather than rejecting the data with an
error. This can affect both the actual decoding stage as well as accessing
content of types that utilized delayed decoding.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052176>

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchrust-bcder< anyUNKNOWN
ubuntu24.04noarchrust-bcder< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	rust-bcder	< any	UNKNOWN
ubuntu	24.04	noarch	rust-bcder	< any	UNKNOWN

References

github.com/NLnetLabs/bcder/pull/74

launchpad.net/bugs/cve/CVE-2023-39914

nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt

nvd.nist.gov/vuln/detail/CVE-2023-39914

rustsec.org/advisories/RUSTSEC-2023-0062.html

security-tracker.debian.org/tracker/CVE-2023-39914

www.cve.org/CVERecord?id=CVE-2023-39914

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for UB:CVE-2023-39914