Vulnerability Description
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic.
CVSS Score
2.9
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sequoia-Pgp | Buffered-Reader | < 1.0.2 |
Related Weaknesses (CWE)
References
- https://crates.io/crates/buffered-reader (Product)
- https://github.com/advisories/GHSA-29mf-62xx-28jq (Third Party Advisory)
- https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.0.2 (Release Notes)
- https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.1.5 (Release Notes)
- https://lists.sequoia-pgp.org/hyperkitty/list/[email protected]/thr (Patch)
- https://rustsec.org/advisories/RUSTSEC-2023-0039.html (Third Party Advisory)
FAQ
What is CVE-2023-53161?
CVE-2023-53161 is a vulnerability with a CVSS score of 2.9 (LOW). The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic.
How severe is CVE-2023-53161?
CVE-2023-53161 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-53161?
Check the references section above for vendor advisories and patch information. Affected products include: Sequoia-Pgp Buffered-Reader.