CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic.
CVE-2023-53160
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.
CVE-2024-58261
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.