CVE-2024-53857

Published December 5th, 2024

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.

rpgp/rpgp

OpenPGP implemented in pure Rust, permissively licensed

GitHub

1.03K