← Volver a CVEs
CVE-2024-53857
HIGH7.5
Descripcion
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/5/2024
Ultima modificacion12/5/2024
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-770
Referencias
https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.