CVE-2024-53856

Summary

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

Affected Software

VendorProductVersion RangeStatus
rpgprpgp< 0.14.1affected

Weaknesses

  • CWE-130: CWE-130: Improper Handling of Length Parameter Inconsistency
  • CWE-148: CWE-148: Improper Neutralization of Input Leaders
  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References