CVE-2024-53857
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53857
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53857.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53857
- Aliases
- Downstream
- Published
- 2024-12-05T15:22:09Z
- Modified
- 2025-10-20T20:29:31.259789Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- rPGP Potential Resource Exhaustion when handling Untrusted Messages
- Details
-
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
- Database specific
{ "cwe_ids": [ "CWE-770" ] }- References
Affected packages
Git / github.com/rpgp/rpgp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rpgp/rpgp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.4.0
v0.*
v0.1.0
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.12.0-alpha.1
v0.12.0-alpha.2
v0.12.0-alpha.3
v0.13.0
v0.13.1
v0.14.0
v0.2.0-alpha
v0.2.0-alpha-41-g6312989
v0.2.0-alpha-42-gd6fdff9
v0.2.0-alpha-42-ge409cbd
v0.2.0-alpha-43-g20e6f48
v0.2.0-alpha-43-g8cbe57f
v0.2.0-alpha-44-g6eafcf3
v0.2.0-alpha-46-ga062ac3
v0.2.0-alpha-47-g1e04455
v0.2.0-alpha-47-gd55fdd7
v0.2.0-alpha-48-g6946e4b
v0.2.0-alpha-48-g8e5f652
v0.2.0-alpha-49-g03334c6
v0.2.0-alpha-50-g76ee05a
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.8.0
v0.9.0