Description
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
A flaw was found in sequoia-openpgp. Processing RawCertParser operations with unsupported primary key types triggers an infinite loop of error messages. This flaw allows a local attacker to provide a specially crafted certificate file, resulting in a denial of service due to resource exhaustion.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | rust-rpm-sequoia | Fix deferred | | |
| Red Hat Enterprise Linux 10 | rust-sequoia-sq | Not affected | | |
| Red Hat Enterprise Linux 10 | rust-sequoia-sqv | Not affected | | |
| Red Hat Enterprise Linux 10 | trustee-guest-components | Not affected | | |
| Red Hat Enterprise Linux 9 | rust-rpm-sequoia | Not affected | | |
| Red Hat Enterprise Linux 9 | trustee-guest-components | Not affected | | |
| Red Hat OpenShift Container Platform 4 | kata-containers | Fix deferred | | |
| Red Hat Trusted Profile Analyzer | rhtpa/rhtpa-trustification-service-rhel9 | Not affected | | |
Additional information
Status:
EPSS
2.9 Low
CVSS3
Related vulnerabilities
Low severity (DoS) vulnerability in sequoia-openpgp