CVE-2023-39914 Vulnerability Details

  /     /     /  

CVE-2023-39914 Metadata Quick Info

CVE Published: 13/09/2023 | CVE Updated: 12/09/2024 | CVE Year: 2023
Source: NLnet Labs | Vendor: NLnet Labs | Product: bcder
Status : PUBLISHED

---

CVE-2023-39914 Description

NLnet Labs\' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-232
CWE Name: CWE-232: Improper Handling of Undefined Values
Source: NLnet Labs

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).