← volver
CVE-2024-58261

CVE-2024-58261

CVSS 2.9 LOWEPSS 0.3%CWE-835
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
sequoia-pgp · sequoia

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://crates.io/crates/sequoia-openpgphttps://gitlab.com/sequoia-pgp/sequoia/-/issues/1106https://rustsec.org/advisories/RUSTSEC-2024-0345.html