PT-2023-27149 · NLnet Labs · bcder

Donika Mirdita (+2 co-authors)

Published 2023-09-13 · Updated 2024-09-11

·

CVE-2023-39914

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: NLnet Labs' bcder library, versions 0.7.2 and earlier

Description: The bcder library panics while decoding certain invalid input data rather than rejecting the data with an error. This affects both the decoding stage itself and later access to the content of types that use delayed decoding.

Recommendations: For versions 0.7.2 and earlier, update to version 0.7.3 or later, which fixes the issue by checking inputs more thoroughly and returning errors as expected. As a temporary workaround, consider implementing additional input validation to prevent the library from panicking when it encounters invalid data.

Related Identifiers

CVE-2023-39914
GHSA-6JMW-6MXW-W4JC
RUSTSEC-2023-0062

Affected Products

Debian
Bcder