sequoia-openpgp
crates.io · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sequoia-openpgp
- CVE-2024-58261 · LOW · CVSS 2.9 · EG 2.9 · ✓ Fixed in 1.21.0 · 2025-07-27
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
- CVE-2025-67897 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 2.1.0 · 2025-12-14
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK pack…