{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53857", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-22T17:30:02.142Z", "datePublished": "2024-12-05T15:22:09.049Z", "dateUpdated": "2024-12-05T16:34:13.917Z"}, "containers": {"cna": {"title": "rPGP Potential Resource Exhaustion when handling Untrusted Messages", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285"}], "affected": [{"vendor": "rpgp", "product": "rpgp", "versions": [{"version": "< 0.14.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-05T15:22:09.049Z"}, "descriptions": [{"lang": "en", "value": "rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys."}], "source": {"advisory": "GHSA-4grw-m28r-q285", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "rpgp", "product": "rpgp", "cpes": ["cpe:2.3:a:rpgp:rpgp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.14.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-05T16:32:52.619501Z", "id": "CVE-2024-53857", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-05T16:34:13.917Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-53857", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-05T16:32:52.619501Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rpgp:rpgp:*:*:*:*:*:*:*:*"], "vendor": "rpgp", "product": "rpgp", "versions": [{"status": "affected", "version": "0", "lessThan": "0.14.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-05T16:34:05.683Z"}}], "cna": {"title": "rPGP Potential Resource Exhaustion when handling Untrusted Messages", "source": {"advisory": "GHSA-4grw-m28r-q285", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "rpgp", "product": "rpgp", "versions": [{"status": "affected", "version": "< 0.14.1"}]}], "references": [{"url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285", "name": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-05T15:22:09.049Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53857", "state": "PUBLISHED", "dateUpdated": "2024-12-05T16:34:13.917Z", "dateReserved": "2024-11-22T17:30:02.142Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-05T15:22:09.049Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys."}], "id": "CVE-2024-53857", "lastModified": "2024-12-05T16:15:26.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-12-05T16:15:26.393", "references": [{"source": "[email protected]", "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Primary"}]}

{}