CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-G5GJ-9GGF-9VMQ
Vulnerability from github – Published: 2021-11-10 20:38 – Updated: 2023-10-02 15:58OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
For more information
If you have any questions or comments about this advisory email us at security@cloudflare.com
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/cfrpki"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3908"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-10T18:18:55Z",
"nvd_published_at": "2021-11-11T22:15:00Z",
"severity": "MODERATE"
},
"details": "OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.\n\n### For more information\nIf you have any questions or comments about this advisory email us at security@cloudflare.com \n",
"id": "GHSA-g5gj-9ggf-9vmq",
"modified": "2023-10-02T15:58:02Z",
"published": "2021-11-10T20:38:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3908"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/cfrpki"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/cfrpki/releases/tag/v1.4.0"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5041"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite certificate chain depth results in OctoRPKI running forever"
}
GHSA-G63V-C4X5-2G6V
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: fix 6 GHz scan construction
If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8, which can never reach the number found when that's bigger than 255, and is stored in a u32 variable. Also move it into the loops to have a smaller scope.
Using a u32 there is fine, we limit the number of APs in the scan list and each has a limit on the number of RNR entries due to the frame size. With a limit of 1000 scan results, a frame size upper bound of 4096 (really it's more like ~2300) and a TBTT entry size of at least 11, we get an upper bound for the number of ~372k, well in the bounds of a u32.
{
"affected": [],
"aliases": [
"CVE-2024-53055"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\n\nIf more than 255 colocated APs exist for the set of all\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\nconstruction will loop forever since the loop variable\nhas type u8, which can never reach the number found when\nthat\u0027s bigger than 255, and is stored in a u32 variable.\nAlso move it into the loops to have a smaller scope.\n\nUsing a u32 there is fine, we limit the number of APs in\nthe scan list and each has a limit on the number of RNR\nentries due to the frame size. With a limit of 1000 scan\nresults, a frame size upper bound of 4096 (really it\u0027s\nmore like ~2300) and a TBTT entry size of at least 11,\nwe get an upper bound for the number of ~372k, well in\nthe bounds of a u32.",
"id": "GHSA-g63v-c4x5-2g6v",
"modified": "2025-11-04T00:32:04Z",
"published": "2024-11-19T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53055"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G64F-GXFJ-JR57
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
{
"affected": [],
"aliases": [
"CVE-2017-18261"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-19T08:29:00Z",
"severity": "MODERATE"
},
"details": "The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.",
"id": "GHSA-g64f-gxfj-jr57",
"modified": "2022-05-13T01:44:38Z",
"published": "2022-05-13T01:44:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18261"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G66J-3R55-GRH3
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
{
"affected": [],
"aliases": [
"CVE-2020-14398"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.",
"id": "GHSA-g66j-3r55-grh3",
"modified": "2022-05-24T17:20:47Z",
"published": "2022-05-24T17:20:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14398"
},
{
"type": "WEB",
"url": "https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
},
{
"type": "WEB",
"url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4434-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G6V2-566P-8FGX
Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
NFS: Avoid writeback threads getting stuck in mempool_alloc()
In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempool_alloc().
{
"affected": [],
"aliases": [
"CVE-2022-49097"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Avoid writeback threads getting stuck in mempool_alloc()\n\nIn a low memory situation, allow the NFS writeback code to fail without\ngetting stuck in infinite loops in mempool_alloc().",
"id": "GHSA-g6v2-566p-8fgx",
"modified": "2025-09-23T18:30:20Z",
"published": "2025-09-23T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bae835b63c53f86cdc524f5962e39409585b22c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b3fa9a3c420c31e77b406ddc28f3a627100516c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6caeddd68977a1aaaf62fbd1955b41dd5c3c5d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c74e2f6ecc51bd08bb5b0335477dba954a50592e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea029e4ce760f786919d06ef52efa2e50ea92a5f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G6X2-39G4-M6XQ
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.
{
"affected": [],
"aliases": [
"CVE-2017-7745"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T23:59:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.",
"id": "GHSA-g6x2-39g4-m6xq",
"modified": "2025-04-20T03:36:01Z",
"published": "2022-05-13T01:47:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7745"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-20.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97627"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G7JQ-J257-RWW2
Vulnerability from github – Published: 2026-05-27 03:30 – Updated: 2026-07-01 18:04In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "swift"
},
"ranges": [
{
"events": [
{
"introduced": "2.36.0"
},
{
"last_affected": "2.36.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "swift"
},
"ranges": [
{
"events": [
{
"introduced": "2.37.0"
},
{
"last_affected": "2.37.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49017"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T18:04:11Z",
"nvd_published_at": "2026-05-27T02:16:34Z",
"severity": "HIGH"
},
"details": "In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.",
"id": "GHSA-g7jq-j257-rww2",
"modified": "2026-07-01T18:04:11Z",
"published": "2026-05-27T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49017"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/bugs/2152205"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/swift"
},
{
"type": "WEB",
"url": "https://review.opendev.org/c/openstack/swift/+/987957"
},
{
"type": "WEB",
"url": "https://review.opendev.org/c/openstack/swift/+/988093"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/02/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body"
}
GHSA-G85J-48PG-M4XC
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
{
"affected": [],
"aliases": [
"CVE-2018-10981"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-10T22:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.",
"id": "GHSA-g85j-48pg-m4xc",
"modified": "2022-05-13T01:48:59Z",
"published": "2022-05-13T01:48:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10981"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-262.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2018/05/08/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G925-QGM3-HC5P
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: prevent infinite loops caused by the next valid being the same
When processing valid within the range [valid : pos), if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, this can trigger a potential infinite loop, similar to the hung problem reported by syzbot [1].
Adding a check for the valid value within the loop body, and terminating the loop and returning -EINVAL if the value is the same as the current value, can prevent this.
[1] INFO: task syz.4.21:6056 blocked for more than 143 seconds. Call Trace: rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244 inode_lock include/linux/fs.h:1027 [inline] ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284
{
"affected": [],
"aliases": [
"CVE-2026-45864"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: prevent infinite loops caused by the next valid being the same\n\nWhen processing valid within the range [valid : pos), if valid cannot\nbe retrieved correctly, for example, if the retrieved valid value is\nalways the same, this can trigger a potential infinite loop, similar\nto the hung problem reported by syzbot [1].\n\nAdding a check for the valid value within the loop body, and terminating\nthe loop and returning -EINVAL if the value is the same as the current\nvalue, can prevent this.\n\n[1]\nINFO: task syz.4.21:6056 blocked for more than 143 seconds.\nCall Trace:\n rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244\n inode_lock include/linux/fs.h:1027 [inline]\n ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284",
"id": "GHSA-g925-qgm3-hc5p",
"modified": "2026-06-25T21:31:18Z",
"published": "2026-05-27T15:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45864"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G97W-MW7G-V3JV
Vulnerability from github – Published: 2025-07-27 21:32 – Updated: 2025-07-28 15:36Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.
Original Description
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "sequoia-openpgp"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-28T15:36:45Z",
"nvd_published_at": "2025-07-27T20:15:24Z",
"severity": "LOW"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.\n\n### Original Description\nThe sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of \"Reading a cert: Invalid operation: Not a Key packet\" messages for RawCertParser operations that encounter an unsupported primary key type.",
"id": "GHSA-g97w-mw7g-v3jv",
"modified": "2025-07-28T15:36:45Z",
"published": "2025-07-27T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58261"
},
{
"type": "WEB",
"url": "https://crates.io/crates/sequoia-openpgp"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/sequoia-pgp/sequoia"
},
{
"type": "WEB",
"url": "https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0345.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp",
"withdrawn": "2025-07-28T15:36:45Z"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.