GHSA-g97w-mw7g-v3jv: Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp

July 27, 2025 (updated July 28, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references.

Original Description

The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of “Reading a cert: Invalid operation: Not a Key packet” messages for RawCertParser operations that encounter an unsupported primary key type.

References

crates.io/crates/sequoia-openpgp
github.com/advisories/GHSA-g97w-mw7g-v3jv
gitlab.com/sequoia-pgp/sequoia
gitlab.com/sequoia-pgp/sequoia/-/issues/1106
nvd.nist.gov/vuln/detail/CVE-2024-58261
rustsec.org/advisories/RUSTSEC-2024-0345.html

Code Behaviors & Features

Detect and mitigate GHSA-g97w-mw7g-v3jv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →