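This page aggregates CVEs and security vulnerability information across sequoia-pgp related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Past issues mainly concern buffer overflow, memory corruption, and denial of service; some lead to application crashes and affect scenarios related to software deployment and production workloads.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.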
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2625 | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification. | [email protected] | 4.0 | 0.01% | 2026-04-03 | 2026-05-01 |
| CVE-2023-53161 | The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic. | [email protected] | 2.9 | 0.26% | 2025-07-28 | 2025-08-06 |
| CVE-2023-53160 | The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic. | [email protected] | 2.9 | 0.28% | 2025-07-28 | 2025-08-06 |
| CVE-2024-58261 | The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type. | [email protected] | 2.9 | 0.08% | 2025-07-27 | 2025-08-06 |