GHSA-g97w-mw7g-v3jv

Опубликовано: 27 июл. 2025

Источник: github

Github: Прошло ревью

CVSS3: 2.9

Описание

Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.

Original Description

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-58261
https://crates.io/crates/sequoia-openpgp
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106
https://rustsec.org/advisories/RUSTSEC-2024-0345.html

Пакеты

Наименование

sequoia-openpgp

rust

Затронутые версииВерсия исправления

>= 1.13.0, < 1.21.0

1.21.0

2.9 Low

CVSS3

Дефекты

CWE-835

2.9 Low

CVSS3

Дефекты

CWE-835