GHSA-6jmw-6mxw-w4jc

GitHub Security Advisory

BER/CER/DER decoder panics on invalid input

✓ GitHub Reviewed · HIGH · Has CVE

Advisory Details

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage and later access to the content of types that use delayed decoding.

Affected Packages

crates.io bcder
Affected versions: 0 (fixed in 0.7.3)

Related CVEs

Key Information

GHSA ID: GHSA-6jmw-6mxw-w4jc
Published: September 13, 2023 3:31 PM
Last Modified: September 11, 2024 6:45 PM
CVSS Score: 7.5/10
Primary Ecosystem: crates.io
Primary Package: bcder
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 13, 2025 6:07 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.