Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for bcder by NLnet Labs

    CVE-2023-39914 (GCVE-0-2023-39914)

    Vulnerability from nvd – Published: 2023-09-13 14:17 – Updated: 2024-09-12 13:22
    VLAI
    Title
    BER/CER/DER decoder panics on invalid input
    Summary
    NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-232 - Improper Handling of Undefined Values
    • CWE-240 - Improper Handling of Inconsistent Structural Elements
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs bcder Affected: * , < 0.7.3 (semver)
    Unaffected: 0.7.3 , < * (semver)
    Create a notification for this product.
    Date Public
    2023-09-13 00:00
    Credits
    Haya Shulman Donika Mirdita Niklas Vogel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T13:22:23.054203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:22:36.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "bcder",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "0.7.3",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Haya Shulman"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Donika Mirdita"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Niklas Vogel"
            }
          ],
          "datePublic": "2023-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NLnet Labs\u0027 bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-232",
                  "description": "CWE-232: Improper Handling of Undefined Values",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-240",
                  "description": "CWE-240: Improper Handling of Inconsistent Structural Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-11T15:34:05.255Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in 0.7.3 and all later versions."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-19T18:00:00.000Z",
              "value": "Issue reported by Haya Shulman"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:00:00.000Z",
              "value": "Fixes released"
            }
          ],
          "title": "BER/CER/DER decoder panics on invalid input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2023-39914",
        "datePublished": "2023-09-13T14:17:49.204Z",
        "dateReserved": "2023-08-07T11:55:17.843Z",
        "dateUpdated": "2024-09-12T13:22:36.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39914 (GCVE-0-2023-39914)

    Vulnerability from cvelistv5 – Published: 2023-09-13 14:17 – Updated: 2024-09-12 13:22
    VLAI
    Title
    BER/CER/DER decoder panics on invalid input
    Summary
    NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-232 - Improper Handling of Undefined Values
    • CWE-240 - Improper Handling of Inconsistent Structural Elements
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs bcder Affected: * , < 0.7.3 (semver)
    Unaffected: 0.7.3 , < * (semver)
    Create a notification for this product.
    Date Public
    2023-09-13 00:00
    Credits
    Haya Shulman Donika Mirdita Niklas Vogel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T13:22:23.054203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:22:36.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "bcder",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "0.7.3",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Haya Shulman"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Donika Mirdita"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Niklas Vogel"
            }
          ],
          "datePublic": "2023-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NLnet Labs\u0027 bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-232",
                  "description": "CWE-232: Improper Handling of Undefined Values",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-240",
                  "description": "CWE-240: Improper Handling of Inconsistent Structural Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-11T15:34:05.255Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in 0.7.3 and all later versions."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-19T18:00:00.000Z",
              "value": "Issue reported by Haya Shulman"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:00:00.000Z",
              "value": "Fixes released"
            }
          ],
          "title": "BER/CER/DER decoder panics on invalid input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2023-39914",
        "datePublished": "2023-09-13T14:17:49.204Z",
        "dateReserved": "2023-08-07T11:55:17.843Z",
        "dateUpdated": "2024-09-12T13:22:36.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }