HIGH🇵🇱 Wersja polska

CVE-2023-39914

CVSS 7.5v3.1pub. 2023-09-13upd. 2024-11-21

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Nlnetlabs Bcder

    APP
    Nlnetlabs
    < 0.7.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-33278CRITICAL9.1PL ✓ten sam vendor

Use-after-free w validatorze DNSSEC Unbound — RCE i DoS

CVE-2023-39916CRITICAL9.3ten sam vendor

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains ...

CVE-2019-25035CRITICAL9.8ten sam vendor

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that thi...

CVE-2019-25033CRITICAL9.8ten sam vendor

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The ve...

CVE-2019-25032CRITICAL9.8ten sam vendor

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor...