{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-53160", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-07-28T13:53:39.946Z", "dateReserved": "2025-07-28T00:00:00.000Z", "datePublished": "2025-07-28T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "sequoia", "vendor": "sequoia-pgp", "versions": [{"lessThan": "1.1.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.8.1", "status": "affected", "version": "1.2.0", "versionType": "semver"}, {"lessThan": "1.16.0", "status": "affected", "version": "1.9.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-28T02:28:04.475Z"}, "references": [{"url": "https://crates.io/crates/sequoia-openpgp"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2023-0038.html"}, {"url": "https://github.com/advisories/GHSA-25mx-8f3v-8wh7"}, {"url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T13:53:34.519270Z", "id": "CVE-2023-53160", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:53:39.946Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-53160", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T13:53:34.519270Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:53:37.056Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "sequoia-pgp", "product": "sequoia", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1", "versionType": "semver"}, {"status": "affected", "version": "1.2.0", "lessThan": "1.8.1", "versionType": "semver"}, {"status": "affected", "version": "1.9.0", "lessThan": "1.16.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://crates.io/crates/sequoia-openpgp"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2023-0038.html"}, {"url": "https://github.com/advisories/GHSA-25mx-8f3v-8wh7"}, {"url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-28T02:28:04.475Z"}}}, "cveMetadata": {"cveId": "CVE-2023-53160", "state": "PUBLISHED", "dateUpdated": "2025-07-28T13:53:39.946Z", "dateReserved": "2025-07-28T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-28T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sequoia-pgp:sequoia-openpgp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "899EAF37-6EF6-49B0-AE10-38533DABC70C", "versionEndExcluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sequoia-pgp:sequoia-openpgp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "AD15C962-C5C6-4FBF-BE9F-635A85B4617B", "versionEndExcluding": "1.8.1", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sequoia-pgp:sequoia-openpgp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "669DC8B7-70D0-462F-9FA7-3DFACD9B7D3D", "versionEndExcluding": "1.16.0", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic."}, {"lang": "es", "value": "El paquete sequoia-openpgp para Rust anterior a 1.16.0 permite el acceso a matrices fuera de los l\u00edmites y un p\u00e1nico."}], "id": "CVE-2023-53160", "lastModified": "2025-08-06T21:15:47.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-28T03:15:23.373", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://crates.io/crates/sequoia-openpgp"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-25mx-8f3v-8wh7"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0038.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "sequoia-openpgp: Sequoia OpenPGP Array Access Panic", "id": "2383806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383806"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in sequoia-openpgp. The crate exhibits an out-of-bounds array access, leading to a panic during processing. A local attacker can trigger this condition by providing a specially crafted input, which results in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-53160", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-rpm-sequoia", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-sequoia-sq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-sequoia-sqv", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rust-rpm-sequoia", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "kata-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Fix deferred", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2025-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53160\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53160\nhttps://crates.io/crates/sequoia-openpgp\nhttps://github.com/advisories/GHSA-25mx-8f3v-8wh7\nhttps://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/\nhttps://rustsec.org/advisories/RUSTSEC-2023-0038.html"], "threat_severity": "Low"}

{}