Name of the Vulnerable Software and Affected Versions sequoia-openpgp versions 1.13.0 through 1.20.0

Description The issue is a denial-of-service vulnerability that causes the process to enter an infinite loop when triggered. It affects software directly or indirectly using the interface sequoia openpgp::cert::raw::RawCertParser, including all software using the sequoia cert store crate. The vulnerability occurs because the RawCertParser does not advance the input stream when encountering unsupported cert versions.

Recommendations For sequoia-openpgp versions 1.13.0 through 1.20.0, update to a version that includes the fix, which introduces a new raw-cert-specific cert::raw::Error::UnuspportedCert. At the moment, there is no information about a newer version that contains a fix for this vulnerability.