CNNVD-202507-3459 Information

CNNVD ID

CNNVD-202507-3459

Related CVE

CVE-2023-53160

• CNNVD Published: 2025-07-28

Description (Chinese)

sequoia-openpgp是sequoia-openpgp个人开发者的一个Rust库。 sequoia-openpgp crate 1.16.0之前版本存在缓冲区错误漏洞，该漏洞源于越界数组访问可能导致崩溃。

Description (English)

Sequoia-openpgp is a Rust bank of personal developers of sequoia-openpgp. There was an error loophole in the buffer zone in the pre-version version of sequioia-openpgp crime 1.16.0, which originated from cross-border cluster visits that could lead to a breakdown.

Hazard Level

Critical

Vulnerability Type

缓冲区错误

Affected Vendor

个人开发者

Published

2025-07-28

Last Modified

2026-02-24

References

https://github.com/advisories/GHSA-25mx-8f3v-8wh7 https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/ https://crates.io/crates/sequoia-openpgp https://rustsec.org/advisories/RUSTSEC-2023-0038.html https://access.redhat.com/security/cve/cve-2023-53160 https://vigilance.fr/vulnerability/Rust-sequoia-openpgp-assertion-error-via-Out-of-bound-Array-Index-48319

Patch

https://sequoia-pgp.org/