{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-53161", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-07-28T13:52:30.036Z", "dateReserved": "2025-07-28T00:00:00.000Z", "datePublished": "2025-07-28T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "buffered-reader", "vendor": "sequoia-pgp", "versions": [{"lessThan": "1.0.2", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.1.5", "status": "affected", "version": "1.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-28T02:54:32.147Z"}, "references": [{"url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2023-0039.html"}, {"url": "https://github.com/advisories/GHSA-29mf-62xx-28jq"}, {"url": "https://crates.io/crates/buffered-reader"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.0.2"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.1.5"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T13:52:24.864582Z", "id": "CVE-2023-53161", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:52:30.036Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-53161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T13:52:24.864582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:52:26.990Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "sequoia-pgp", "product": "buffered-reader", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.2", "versionType": "semver"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2023-0039.html"}, {"url": "https://github.com/advisories/GHSA-29mf-62xx-28jq"}, {"url": "https://crates.io/crates/buffered-reader"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.0.2"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.1.5"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-28T02:54:32.147Z"}}}, "cveMetadata": {"cveId": "CVE-2023-53161", "state": "PUBLISHED", "dateUpdated": "2025-07-28T13:52:30.036Z", "dateReserved": "2025-07-28T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-28T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sequoia-pgp:buffered-reader:*:*:*:*:*:rust:*:*", "matchCriteriaId": "99CAB7B8-E8C3-42A6-96AA-49B4218193C1", "versionEndExcluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sequoia-pgp:buffered-reader:*:*:*:*:*:rust:*:*", "matchCriteriaId": "82601D7A-1269-4BCC-A503-6D1F17906FCA", "versionEndExcluding": "1.1.5", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic."}, {"lang": "es", "value": "El paquete buffered-reader para Rust anterior a la versi\u00f3n 1.1.5 permite el acceso a matrices fuera de los l\u00edmites y un p\u00e1nico."}], "id": "CVE-2023-53161", "lastModified": "2025-08-06T21:16:58.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-28T03:15:23.557", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://crates.io/crates/buffered-reader"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-29mf-62xx-28jq"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.0.2"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.1.5"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0039.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "buffered-reader: Buffered-Reader Out-of-Bounds Access Vulnerability", "id": "2383807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383807"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in buffered-reader. The crate's implementation contains an out-of-bounds array access, leading to a panic. A local attacker can trigger this condition by providing a specially crafted input. This occurs when processing data from an external source, which can result in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-53161", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-rpm-sequoia", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-sequoia-sq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust-sequoia-sqv", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rust-rpm-sequoia", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "kata-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Fix deferred", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2025-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53161\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53161\nhttps://crates.io/crates/buffered-reader\nhttps://crates.io/crates/w\nhttps://github.com/\nhttps://github.com/advisories/GHSA-29mf-62xx-28jq\nhttps://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/\nhttps://rustsec.org/advisories/\nhttps://rustsec.org/advisories/RUSTSEC-2023-0039.html"], "threat_severity": "Low"}

{}