Invdfinder

#30175 of 53,608
8.7 Total CVSS
Vulnerabilities · 1
PT-2024-35953
8.7
2024-12-05
Rpgp · Rpgp · CVE-2024-53856
Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1

Description: The issue allows an attacker to trigger crashes in rPGP by providing crafted data. This can occur in various scenarios, including parsing OpenPGP messages, decrypting messages via `decrypt_with_password()`, parsing or converting public keys, parsing signed cleartext messages, and using malformed private keys to sign or encrypt. The attack complexity is considered low, and the result is a denial-of-service impact via program termination, with no impact to confidentiality or integrity security properties.

Recommendations: For versions prior to 0.14.1, upgrade to version 0.14.1 to fix the issue. As a temporary workaround, consider restricting the use of vulnerable components, such as `decrypt_with_password()`, until the patch is applied. Avoid using malformed private keys to sign or encrypt until the issue is resolved.