Out-of-Bounds Array Access in Buffered-Reader Crate Affecting Rust
CVE-2023-53161

2.9LOW

Key Information:

Vendor: Sequoia-pgp
Status: Buffered-reader
Vendor: CVE Published:; 28 July 2025

🔔 Create Sequoia-pgp Vulnerability Alert

What is CVE-2023-53161?

The buffered-reader crate for Rust, prior to version 1.2.0, is vulnerable to an out-of-bounds array access, which can lead to unexpected panics during execution. This vulnerability exposes applications that rely on the buffered-reader for safe array manipulation to potential crashes and security risks. Developers should ensure they are using the updated version to maintain robust application security.

Affected Version(s)

buffered-reader 0 < 1.0.2

buffered-reader 1.1.0 < 1.1.5

References

https://lists.sequoia-pgp.org/hyperkitty/list/announce@li...

https://rustsec.org/advisories/RUSTSEC-2023-0039.html

https://github.com/advisories/GHSA-29mf-62xx-28jq

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jul 28, 2025