indygreg / cryptography-rs

A collection of Rust crates in the cryptography space

Update BCDER crate dependency to 0.7.3 #20

Closed tj1402 closed 11 months ago

tj1402 commented 11 months ago

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

https://nvd.nist.gov/vuln/detail/CVE-2023-39914

Currently the x509-certificate crate has a dependency on bcder crate version 0.7.2. This is a request to update it to 0.7.3. https://crates.io/crates/x509-certificate/0.20.0/dependencies

indygreg commented 11 months ago

The main branch already uses bcder 0.7.3.
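As an added example (not part of the issue thread or of the cryptography-rs code base), the following Rust check scans `Cargo.lock` text for a resolved bcder version at or below 0.7.2, the range the issue cites for CVE-2023-39914. The lockfile excerpt and all function names are constructed for illustration.

```rust
// Added example: LOCK_OLD is a constructed lockfile excerpt, not taken from the project.
const LOCK_OLD: &str = r#"version = 3
[[package]]
name = "bcder"
version = "0.7.2"
[[package]]
name = "x509-certificate"
version = "0.20.0"
dependencies = ["bcder"]
"#;

/// Strictly parse "major.minor.patch"; pre-release or malformed versions yield None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split('+').next()?; // drop build metadata, if any
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let t = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_none() { Some(t) } else { None }
}

/// Return the quoted value of a `key = "value"` line, if the line carries that key.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// List every resolved bcder version that is not provably >= 0.7.3.
fn affected_bcder(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines() {
        if line.trim() == "[[package]]" {
            name = None; // new package entry: forget the previous name
        } else if let Some(n) = value_of(line, "name") {
            name = Some(n);
        } else if let Some(v) = value_of(line, "version") {
            // Unparseable versions are reported too, so they get a manual look.
            if name == Some("bcder") && !parse_version(v).map_or(false, |t| t >= (0, 7, 3)) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() {
    for v in affected_bcder(LOCK_OLD) {
        println!("bcder {v} resolved: update to 0.7.3 or later (CVE-2023-39914)");
    }
}
```

In a real project, pass the contents of `Cargo.lock` (for example via `std::fs::read_to_string`) instead of the constructed constant.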