Source: rust-bcder
Version: 0.6.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/NLnetLabs/bcder/pull/74
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for rust-bcder.

CVE-2023-39914[0]:
| NLnet Labs’ bcder library up to and including version 0.7.2 panics
| while decoding certain invalid input data rather than rejecting the
| data with an error. This can affect both the actual decoding stage
| as well as accessing content of types that utilized delayed
| decoding.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-39914
    https://www.cve.org/CVERecord?id=CVE-2023-39914
[1] https://github.com/NLnetLabs/bcder/pull/74
[2] https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt
[3] https://rustsec.org/advisories/RUSTSEC-2023-0062.html

Regards,
Salvatore