sequoia-openpgp vulnerable to out-of-bounds array access leading to panic

Low severity GitHub Reviewed Published Jun 6, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023

Package

cargo sequoia-openpgp (Rust)

Affected versions

< 1.1.1
>= 1.2.0, < 1.8.1
>= 1.9.0, < 1.16.0

Patched versions

1.1.1
1.8.1
1.16.0

Description

Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bounds array index. Rust detects the out-of-bounds index and causes the application to panic. An attacker may be able to use this to cause a denial of service. However, it is not possible for an attacker to read from or write to the application's address space.
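The bug class described above, shown as an added example that is not code from sequoia-openpgp: a parser for a hypothetical length-prefixed field indexes with an input-supplied length and panics, next to a form that uses checked accessors and returns an error. The field layout, `ParseError` and all function names are assumptions made for illustration.

```rust
use std::panic;

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { needed: usize, available: usize },
}

// Hypothetical field layout (an assumption): [len: u8][body: len bytes].

/// Bug class: a length taken from the input is used as a slice bound
/// without being checked against the buffer size.
pub fn body_unchecked(input: &[u8]) -> &[u8] {
    let len = input[0] as usize; // panics on empty input
    &input[1..1 + len] // panics when fewer than `len` bytes follow
}

/// Hardened form: checked accessors turn malformed input into an error
/// value the caller can handle.
pub fn body_checked(input: &[u8]) -> Result<&[u8], ParseError> {
    let (&len, rest) = input
        .split_first()
        .ok_or(ParseError::Truncated { needed: 1, available: 0 })?;
    let len = len as usize;
    rest.get(..len).ok_or(ParseError::Truncated {
        needed: 1 + len,
        available: input.len(),
    })
}

/// True if the unchecked parser panics on `input`; the bounds check fires
/// before any out-of-range memory is touched.
pub fn unchecked_panics(input: &[u8]) -> bool {
    let owned = input.to_vec();
    panic::catch_unwind(move || body_unchecked(&owned).len()).is_err()
}

fn main() {
    // Constructed sample inputs, not real OpenPGP packets.
    let well_formed = [3u8, b'a', b'b', b'c'];
    let malformed = [200u8, b'a', b'b']; // claims 200 bytes, carries 2
    println!("checked, well-formed: {:?}", body_checked(&well_formed));
    println!("checked, malformed:   {:?}", body_checked(&malformed));
    println!("unchecked panics on malformed: {}", unchecked_panics(&malformed));
}
```

In a binary built with `panic = "abort"`, `catch_unwind` cannot intercept the panic and the process exits, so returning an error from the parser is the dependable handling path.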

Published to the GitHub Advisory Database Jun 6, 2023
Reviewed Jun 6, 2023
Last updated Jun 6, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-25mx-8f3v-8wh7