Description
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| rust-sequoia-openpgp | fixed | 1.21.0-1 | | package |
| rust-sequoia-openpgp | not-affected | | bookworm | package |
| rust-sequoia-openpgp | not-affected | | bullseye | package |
Notes
https://rustsec.org/advisories/RUSTSEC-2024-0345.html
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106
Fixed by: https://gitlab.com/sequoia-pgp/sequoia/-/commit/81fa1d8440116712365106bca7bd81b46349d9c0 (openpgp/v1.21.0)
Related vulnerabilities
Low severity (DoS) vulnerability in sequoia-openpgp