CVE-2023-53160
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-06
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sequoia-pgp | sequoia-openpgp | to 1.1.1 (exc) |
| sequoia-pgp | sequoia-openpgp | From 1.2.0 (inc) to 1.8.1 (exc) |
| sequoia-pgp | sequoia-openpgp | From 1.9.0 (inc) to 1.16.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53160 is a vulnerability in the Rust crate sequoia-openpgp before version 1.16.0 where attacker-controlled input can cause out-of-bounds array access. Rust detects this invalid access and triggers a panic, which causes the application to terminate unexpectedly. [1, 2]
How can this vulnerability impact me?
This vulnerability can be exploited to cause a denial-of-service (DoS) condition by forcing the application to panic and terminate unexpectedly. However, it does not allow attackers to read from or write to the application's memory, so the impact is limited to service disruption only. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability primarily causes service disruption and does not involve unauthorized access to sensitive data. Therefore, it has limited or no direct impact on compliance with data protection standards and regulations such as GDPR or HIPAA. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for application panics or crashes caused by out-of-bounds array access in the sequoia-openpgp crate. Since the vulnerability triggers a panic in Rust applications, checking application logs for panic messages related to sequoia-openpgp, or running the application with debugging enabled to catch panics, can help detect it. Additionally, verifying the version of the sequoia-openpgp crate used in your Rust projects indicates whether you are vulnerable. There are no specific network commands provided, but you can check the crate version with commands like `cargo tree | grep sequoia-openpgp` or inspect your Cargo.toml and Cargo.lock files for the crate version. [1, 2]
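An added version check, not part of the BaseFortify record, that applies the three affected ranges from the table above to every sequoia-openpgp version resolved in a Cargo.lock. The lockfile excerpt is constructed, and the parser assumes plain `MAJOR.MINOR.PATCH` versions (pre-release suffixes are dropped).

```python
import re
from typing import List, Tuple

# Affected ranges as listed in the record: [lower inclusive, upper exclusive).
# A None lower bound means "every version below the upper bound".
AFFECTED_RANGES = [
    (None, "1.1.1"),
    ("1.2.0", "1.8.1"),
    ("1.9.0", "1.16.0"),
]

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.16.0' into (1, 16, 0); pre-release/build suffixes are dropped (assumption)."""
    core = v.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))

def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range from the record."""
    ver = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        lower_ok = lo is None or parse_version(lo) <= ver
        if lower_ok and ver < parse_version(hi):
            return True
    return False

# Cargo.lock lists each resolved crate as a [[package]] table with name then version.
PACKAGE_RE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')

def crate_versions(lockfile_text: str, crate: str = "sequoia-openpgp") -> List[str]:
    """Every version of `crate` resolved in the lockfile (several may coexist)."""
    return [v for name, v in PACKAGE_RE.findall(lockfile_text) if name == crate]

def check_lockfile(lockfile_text: str) -> dict:
    """Map each resolved sequoia-openpgp version to whether it is affected."""
    return {v: is_affected(v) for v in crate_versions(lockfile_text)}

# Constructed Cargo.lock excerpt (not from a real project): two resolved versions coexist.
SAMPLE_LOCK = '''\
[[package]]
name = "sequoia-openpgp"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "sequoia-openpgp"
version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

if __name__ == "__main__":
    for version, affected in check_lockfile(SAMPLE_LOCK).items():
        print(f"sequoia-openpgp {version}: {'AFFECTED' if affected else 'ok'}")
```

Run it against a real lockfile with `check_lockfile(open("Cargo.lock").read())`; a dependency tree can pin more than one version, so every entry is reported.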
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the sequoia-openpgp crate to a patched version where the vulnerability is fixed. Specifically, upgrade to version 1.16.0 or later, or to one of the patched versions 1.1.1 or 1.8.1 if applicable. This will prevent the out-of-bounds array access and the resulting panic. Additionally, consider implementing monitoring to detect application panics and prepare for graceful recovery to minimize denial-of-service impact. [2]