The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 06 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Sequoia-pgp
Sequoia-pgp sequoia-openpgp
CPEs cpe:2.3:a:sequoia-pgp:sequoia-openpgp:*:*:*:*:*:rust:*:*
Vendors & Products Sequoia-pgp
Sequoia-pgp sequoia-openpgp

Tue, 29 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
Title sequoia-openpgp: Sequoia OpenPGP: RawCertParser Infinite Loop Vulnerability
References
Metrics threat_severity

None

threat_severity

Low


Mon, 28 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 27 Jul 2025 19:30:00 +0000

Type Values Removed Values Added
Description The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
Weaknesses CWE-835
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-28T18:55:28.197Z

Reserved: 2025-07-27T00:00:00.000Z

Link: CVE-2024-58261

Vulnrichment

Updated: 2025-07-28T15:25:40.302Z

NVD

Status: Analyzed

Published: 2025-07-27T20:15:24.810

Modified: 2025-08-06T20:59:26.090

Link: CVE-2024-58261

Redhat

Severity: Low

Public Date: 2025-07-27T00:00:00Z

Links: CVE-2024-58261 - Bugzilla

OpenCVE Enrichment

No data.