The CVE number for this vulnerability is CVE-2023-39914.

== Summary

The decoder of the bcder library does not sufficiently check input data, resulting in panics when decoding certain invalid data.

== Affected products

bcder up to and including 0.7.2.

== Description

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage and access to the content of types that use delayed decoding.

bcder 0.7.3 fixes these issues by more thoroughly checking inputs.

== Acknowledgments

We would like to thank Haya Shulman, Donika Mirdita, and Niklas Vogel from Fraunhofer SIT and ATHENE for discovering and reporting the issue.
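
The failure mode in the Description (a panic where the caller expects an error) can be contained at the call site until the upgrade to 0.7.3 is deployed. The following is an added example, not code from bcder or from this advisory: `decode_guarded`, `GuardedError` and `toy_decode` are hypothetical names, and `toy_decode` is a constructed stand-in that panics on truncated input in place of a real decoder call.

```rust
use std::panic::{self, AssertUnwindSafe};

/// Either the decoder's own error or a panic caught while it ran.
#[derive(Debug, PartialEq)]
pub enum GuardedError<E> {
    Decode(E),
    Panicked(String),
}

/// Runs `decode` on untrusted `input` and converts a panic into an `Err`.
/// Only effective when built with the default `panic = "unwind"`.
pub fn decode_guarded<T, E, F>(input: &[u8], decode: F) -> Result<T, GuardedError<E>>
where
    F: FnOnce(&[u8]) -> Result<T, E>,
{
    // AssertUnwindSafe: nothing the closure touched is reused after a panic.
    match panic::catch_unwind(AssertUnwindSafe(|| decode(input))) {
        Ok(Ok(value)) => Ok(value),
        Ok(Err(e)) => Err(GuardedError::Decode(e)),
        Err(payload) => {
            // Panic payloads are usually a &str or a formatted String.
            let msg = payload
                .downcast_ref::<&str>()
                .map(|s| s.to_string())
                .or_else(|| payload.downcast_ref::<String>().cloned())
                .unwrap_or_else(|| "non-string panic payload".to_string());
            Err(GuardedError::Panicked(msg))
        }
    }
}

/// Constructed stand-in decoder, NOT bcder code: tag, one-byte length, content.
/// It indexes without bounds checks, so truncated input panics.
pub fn toy_decode(input: &[u8]) -> Result<Vec<u8>, &'static str> {
    if input.is_empty() {
        return Err("empty input");
    }
    let len = input[1] as usize; // panics if only the tag byte is present
    Ok(input[2..2 + len].to_vec()) // panics if the content is shorter than `len`
}

fn main() {
    // Constructed samples: a well-formed value and a truncated one.
    let good = [0x04u8, 0x02, 0xAA, 0xBB];
    let truncated = [0x04u8, 0x05, 0xAA];
    println!("{:?}", decode_guarded(&good, toy_decode));
    println!("{:?}", decode_guarded(&truncated, toy_decode));
}
```

Because the advisory says the panic can also occur when accessing content of delayed-decoding types, those accessor calls need to run inside the guarded closure as well, not only the initial decode.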