BER/CER/DER decoder panics on invalid input
High severity
GitHub Reviewed
Published
Sep 13, 2023
to the GitHub Advisory Database
•
Updated Nov 5, 2023
Description
Published by the National Vulnerability Database
Sep 13, 2023
Published to the GitHub Advisory Database
Sep 13, 2023
Reviewed
Sep 14, 2023
Last updated
Nov 5, 2023
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
References