rPGP vulnerability allows attackers to trigger resource exhaustion vulnerabilities
CVE-2024-53857

7.5HIGH

Key Information:

Vendor: Rpgp
Status: Rpgp
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-53857?

The rPGP, a pure Rust implementation of the OpenPGP standard, is susceptible to resource exhaustion vulnerabilities. Versions prior to 0.14.1 allow attackers to exploit crafted messages, leading to potential denial of service through excessive resource consumption during general message parsing and symmetric key decryption processes. This vulnerability poses a significant risk as it can impact the functionality of applications relying on rPGP for secure messaging.

Affected Version(s)

rpgp < 0.14.1

References

https://github.com/rpgp/rpgp/security/advisories/GHSA-4gr...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 22, 2024

Rpgp

What is CVE-2024-53857?

Affected Version(s)

References

CVSS V3.1

Timeline