CVE-2024-58261

CVSS 2.9 LOWEPSS 0.3%CWE-835

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

sequoia-pgp · sequoia

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://crates.io/crates/sequoia-openpgp https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106 https://rustsec.org/advisories/RUSTSEC-2024-0345.html