Upstream information

CVE-2024-58261 at MITRE

Description

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
| Metric | CNA (MITRE) | National Vulnerability Database | SUSE |
|---|---|---|---|
| Base Score | 2.9 | 7.5 | 2.9 |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Local | Network | Local |
| Attack Complexity | High | Low | High |
| Privileges Required | None | None | None |
| User Interaction | None | None | None |
| Scope | Unchanged | Unchanged | Unchanged |
| Confidentiality Impact | Low | None | Low |
| Integrity Impact | None | None | None |
| Availability Impact | None | High | None |
| CVSSv3 Version | 3.1 | 3.1 | 3.1 |

SUSE Bugzilla entry: 1247095 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Mon Jul 28 00:00:16 2025
CVE page last modified: Fri Aug 29 13:06:29 2025