sequoia-pgp/sequoia-openpgp vulnerabilities
3 known vulnerabilities affecting sequoia-pgp/sequoia-openpgp.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 2
Vulnerabilities
CVE-2025-67897 | MEDIUM | ≥ 0, < 2.1.0 | 2025-12-14
CVE-2025-67897 [MEDIUM] CWE-195 Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
Sources: GHSA, OSV
CVE-2023-53160 | MEDIUM | CVSS 5.3 | fixed in 1.1.1 | ≥ 1.2.0, < 1.8.1 (+1 more) | 2025-07-28
CVE-2023-53160 [MEDIUM] CWE-125 CVE-2023-53160: The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.
Sources: GHSA, NVD, OSV
CVE-2024-58261 | HIGH | CVSS 7.5 | ≥ 1.13.0, < 1.21.0 | 2025-07-27
CVE-2024-58261 [HIGH] CWE-835
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
Sources: GHSA, NVD, OSV