CVE-2024-58261

Source
https://cve.org/CVERecord?id=CVE-2024-58261
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58261.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58261
Aliases
Downstream
Published
2025-07-27T00:00:00Z
Modified
2026-07-15T01:48:54.873218624Z
Severity
  • 2.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

Database specific
{
    "cwe_ids": [
        "CWE-835"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58261.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / gitlab.com/sequoia-pgp/sequoia

Affected ranges

Type
GIT
Repo
https://gitlab.com/sequoia-pgp/sequoia
Events
Database specific
{
    "cpe": "cpe:2.3:a:sequoia-pgp:sequoia-openpgp:*:*:*:*:*:rust:*:*",
    "extracted_events": [
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "1.21.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

autocrypt/v0.*
autocrypt/v0.25.0
autocrypt/v0.25.1
buffered-reader/v1.*
buffered-reader/v1.2.0
buffered-reader/v1.3.0
buffered-reader/v1.3.1
ipc/v0.*
ipc/v0.30.0
ipc/v0.30.1
ipc/v0.31.0
ipc/v0.32.0
ipc/v0.33.0
ipc/v0.34.0
ipc/v0.34.1
ipc/v0.35.0
net/v0.*
net/v0.26.0
net/v0.27.0
net/v0.28.0
openpgp/v1.*
openpgp/v1.13.0
openpgp/v1.14.0
openpgp/v1.15.0
openpgp/v1.16.0
openpgp/v1.17.0
openpgp/v1.18.0
openpgp/v1.19.0
openpgp/v1.20.0
sq/v0.*
sq/v0.28.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58261.json"