Is bcder affected by CVE-2023-39914?

crates.io bcder is affected in <0.7.3.

Is CVE-2023-39914 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

high

CVE-2023-39914

Q: Is CVE-2023-39914 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

crates.io · bcder

Summary

BER/CER/DER decoder panics on invalid input

Severity: high
EPSS: 0.6% (p44)
Also known as: GHSA-6jmw-6mxw-w4jc, RUSTSEC-2023-0062
Published: 2023-09-13

References

https://nvd.nist.gov/vuln/detail/CVE-2023-39914
https://github.com/NLnetLabs/bcder/commit/4da91c3fd853e3d466d8581cf1d82b7f3255de56
https://github.com/NLnetLabs/bcder

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.