{"id":"CVE-2024-53856","summary":"rPGP Panics on Malformed Untrusted Input","details":"rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.","aliases":["GHSA-9rmp-2568-59rv","RUSTSEC-2024-0447"],"modified":"2026-04-10T05:19:08.493745Z","published":"2024-12-05T15:24:36.049Z","database_specific":{"cwe_ids":["CWE-130","CWE-148","CWE-617"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53856.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53856.json"},{"type":"ADVISORY","url":"https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53856"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpgp/rpgp","events":[{"introduced":"0"},{"fixed":"0a652a3bbeae824be4c04939f730ca99260705c6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.14.1"}]}}],"versions":["0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0","0.3.1","0.3.2","0.4.0","v0.1.0","v0.10.0","v0.10.1","v0.10.2","v0.11.0","v0.12.0-alpha.1","v0.12.0-alpha.2","v0.12.0-alpha.3","v0.13.0","v0.13.1","v0.14.0","v0.2.0-alpha","v0.2.0-alpha-41-g6312989","v0.2.0-alpha-42-gd6fdff9","v0.2.0-alpha-42-ge409cbd","v0.2.0-alpha-43-g20e6f48","v0.2.0-alpha-43-g8cbe57f","v0.2.0-alpha-44-g6eafcf3","v0.2.0-alpha-46-ga062ac3","v0.2.0-alpha-47-g1e04455","v0.2.0-alpha-47-gd55fdd7","v0.2.0-alpha-48-g6946e4b","v0.2.0-alpha-48-g8e5f652","v0.2.0-alpha-49-g03334c6","v0.2.0-alpha-50-g76ee05a","v0.4.1","v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.7.2","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}