CVE-2024-53856

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53856

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53856.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-53856

Aliases

GHSA-9rmp-2568-59rv

Published

2024-12-05T16:15:26Z

Modified

2025-01-14T12:17:30.662727Z

Summary

[none]

Details

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

References

https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv
https://security-tracker.debian.org/tracker/CVE-2024-53856

Affected packages

Debian:13 / rust-pgp

Package

Name: rust-pgp
Purl: pkg:deb/debian/rust-pgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.14.2-1

Affected versions

0.*

0.13.2-1

0.13.2-2

0.13.2-3

0.14.0-1

0.14.0-2

0.14.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}