2023-09-13 16:00:28 +00:00
{
"id" : "CVE-2023-39914" ,
"sourceIdentifier" : "sep@nlnetlabs.nl" ,
"published" : "2023-09-13T15:15:07.657" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:16:01.750" ,
2024-09-11 18:03:18 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-13 16:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
2024-09-11 18:03:18 +00:00
"value" : "NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "La biblioteca bder de NLnet Labs hasta la versi\u00f3n 0.7.2 incluida entra en p\u00e1nico al decodificar ciertos datos de entrada no v\u00e1lidos en lugar de rechazar los datos con un error. Esto puede afectar tanto a la etapa de decodificaci\u00f3n real como al acceso a contenidos de tipos que utilizaron decodificaci\u00f3n retrasada."
2023-09-13 16:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-09-15 16:00:29 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "sep@nlnetlabs.nl" ,
"type" : "Secondary" ,
2023-09-15 16:00:29 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2023-09-15 16:00:29 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-15 16:00:29 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
} ,
2023-09-13 16:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-09-13 16:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2023-09-13 16:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-13 16:00:28 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "sep@nlnetlabs.nl" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
2024-09-11 18:03:18 +00:00
"value" : "CWE-232"
} ,
{
"lang" : "en" ,
"value" : "CWE-240"
2023-09-13 16:00:28 +00:00
}
]
2024-12-08 03:06:42 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
2023-09-13 16:00:28 +00:00
}
] ,
2023-09-15 16:00:29 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nlnetlabs:bcder:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.7.3" ,
"matchCriteriaId" : "01667F69-EC35-4FDC-96BE-E633C2F494C4"
}
]
}
]
}
] ,
2023-09-13 16:00:28 +00:00
"references" : [
{
"url" : "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt" ,
2023-09-15 16:00:29 +00:00
"source" : "sep@nlnetlabs.nl" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-09-13 16:00:28 +00:00
}
]
}