CVE-2023-39914

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-232
View all →

Vulnerability Description

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

Related Vulnerabilities

CVE-2023-2968

HIGH
CVSS:7.5(High)

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.

CWE-2322023

CVE-2023-39915

HIGH
CVSS:7.5(High)

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-...

CWE-2322023

CVE-2025-40775

HIGH
CVSS:7.5(High)

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an asse...

CWE-2322025

CVE-2025-20192

HIGH
CVSS:7.7(High)

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The a...

CWE-2322025

CVE-2023-36848

MEDIUM
CVSS:6.5(Medium)

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticat...

CWE-2322023

CVE-2022-22213

MEDIUM
CVSS:5.9(Medium)

A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to cr...

CWE-2322022