CVE-2024-53856

Опубликовано: 05 дек. 2024

Источник: debian

Описание

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rust-pgp	fixed	0.14.2-1		package

Примечания

https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv
https://rustsec.org/advisories/RUSTSEC-2024-0447.html

Связанные уязвимости

CVE-2024-53856

CVSS3: 7.5

ubuntu

около 1 года назад

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

CVE-2024-53856

CVSS3: 7.5

nvd

около 1 года назад

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

GHSA-9rmp-2568-59rv

CVSS3: 7.5

github

около 1 года назад

rPGP Panics on Malformed Untrusted Input