{"id":"RUSTSEC-2023-0062","summary":"BER/CER/DER decoder panics on invalid input","details":"Due to insufficient checking of input data, decoding certain data sequences\ncan lead to _bcder_ panicking rather than returning an error. This can affect\nboth the actual decoding stage as well as accessing content of types that\nutilized delayed decoding.\n\nbcder 0.7.3 fixes these issues by more thoroughly checking inputs and\nreturning errors as expected.","aliases":["CVE-2023-39914","GHSA-6jmw-6mxw-w4jc"],"modified":"2024-02-10T15:57:43Z","published":"2023-09-13T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/bcder"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0062.html"},{"type":"WEB","url":"https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"},{"type":"WEB","url":"https://github.com/NLnetLabs/bcder/pull/74"}],"affected":[{"package":{"name":"bcder","ecosystem":"crates.io","purl":"pkg:cargo/bcder"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.7.3"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","categories":["denial-of-service"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0062.json","informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}