{"id":"CVE-2024-58261","details":"The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of \"Reading a cert: Invalid operation: Not a Key packet\" messages for RawCertParser operations that encounter an unsupported primary key type.","aliases":["GHSA-9344-p847-qm5c","RUSTSEC-2024-0345"],"modified":"2026-03-14T12:40:30.035681Z","published":"2025-07-27T20:15:24.810Z","references":[{"type":"WEB","url":"https://crates.io/crates/sequoia-openpgp"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0345.html"},{"type":"EVIDENCE","url":"https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/sequoia-pgp/sequoia","events":[{"introduced":"42937aa54d10033a1c41509d7817f9eb1ca17845"},{"fixed":"52ae37f884a0cd6c13d22963b93b09b2159e32fe"}],"database_specific":{"versions":[{"introduced":"1.13.0"},{"fixed":"1.21.0"}]}}],"versions":["autocrypt/v0.25.0","autocrypt/v0.25.1","buffered-reader/v1.2.0","buffered-reader/v1.3.0","buffered-reader/v1.3.1","ipc/v0.30.0","ipc/v0.30.1","ipc/v0.31.0","ipc/v0.32.0","ipc/v0.33.0","ipc/v0.34.0","ipc/v0.34.1","ipc/v0.35.0","net/v0.26.0","net/v0.27.0","net/v0.28.0","openpgp/v1.13.0","openpgp/v1.14.0","openpgp/v1.15.0","openpgp/v1.16.0","openpgp/v1.17.0","openpgp/v1.18.0","openpgp/v1.19.0","openpgp/v1.20.0","sq/v0.28.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58261.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}