CVE-2024-58261 — LOW (2.9) — White Hats Nepal

Q: How severe is CVE-2024-58261?

CVE-2024-58261 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-58261?

Check the references section above for vendor advisories and patch information. Affected products include: Sequoia-Pgp Sequoia-Openpgp.

Vulnerability Description

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

CVSS Score

2.9

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sequoia-Pgp	Sequoia-Openpgp	>= 1.13.0, < 1.21.0

Related Weaknesses (CWE)

CWE-835

References

https://crates.io/crates/sequoia-openpgpProduct
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106Exploit
https://rustsec.org/advisories/RUSTSEC-2024-0345.htmlThird Party Advisory
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106Exploit

FAQ

What is CVE-2024-58261?

CVE-2024-58261 is a vulnerability with a CVSS score of 2.9 (LOW). The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsuppo...

How severe is CVE-2024-58261?

CVE-2024-58261 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-58261?

Check the references section above for vendor advisories and patch information. Affected products include: Sequoia-Pgp Sequoia-Openpgp.