CVE-2024-58261

Sažetak

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

Reference

https://crates.io/crates/sequoia-openpgp
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106
https://rustsec.org/advisories/RUSTSEC-2024-0345.html
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106

CVSS

Base:	2.9
Impact:	1.4
Exploitability:	1.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

06-08-2025 - 20:59

Objavljeno

27-07-2025 - 20:15