Detections
Analytics
CVE-2024-53857
high
Description
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
References
https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285
Details
Published: 2024-12-05
Updated: 2026-04-15
Risk Information
CVSS v2
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Severity: High
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: High
CVSS v4
Base Score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Severity: High
EPSS
EPSS: 0.00088