Ribose Rnp vulnerabilities
4 known vulnerabilities affecting ribose/rnp.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2025-13470 | HIGH | CVSS 7.7 | CWE-330 | v0.18.0 | 2025-11-21
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero s
nvd osv
CVE-2023-29480 | HIGH | CVSS 7.5 | CWE-312 | fixed in 0.16.3 | 2023-04-24
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.
nvd osv
CVE-2023-29479 | MEDIUM | CVSS 5.3 | CWE-400 | fixed in 0.16.3 | 2023-04-24
Ribose RNP before 0.16.3 may hang when the input is malformed.
nvd osv
CVE-2021-33589 | HIGH | CVSS 7.5 | CWE-522 | fixed in 0.15.1 | 2023-04-21
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
nvd osv