rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/sequoia-openpgp/RUSTSEC-2023-0038.md
djc 2e45336771 Synchronize IDs (2025-10-28)
2025-10-28 07:02:18 +01:00

1015 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2023-0038"
package = "sequoia-openpgp"
date = "2023-05-16"
url = "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"
references = ["https://gitlab.com/sequoia-pgp/sequoia/-/tags/openpgp%2Fv1.16.0"]
categories = ["denial-of-service"]
# Attacker-controlled input can result in a panic due to an
# out-of-bounds array index.
keywords = ["panic"]
aliases = ["CVE-2023-53160", "GHSA-25mx-8f3v-8wh7"]

[versions]
patched = [">= 1.1.1, < 1.2.0", ">= 1.8.1, < 1.9.0", ">= 1.16.0"]

Out-of-bounds array access leads to panic

Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not possible for an attacker to read from or write to the application's address space.