GHSA-7587-4WV6-M68M

Vulnerability from github – Published: 2026-02-13 20:54 – Updated: 2026-02-13 20:54
VLAI?
Summary
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895
Details

Summary

It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use, which prevents this issue.

Details

While parsing a special RSA secret key packet, rPGP calls the rsa crate with the provided key. On vulnerable versions, this results in a Rust "panic" during key construction. Note that an attacker can trigger this situation even in places where applications don't expect to handle foreign key material, for example while attempting to receive a message.

For more information on the rsa crate vulnerability, see https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26 and https://github.com/RustCrypto/RSA/pull/624. In rPGP, this has been fixed via https://github.com/rpgp/rpgp/pull/698.

Impact

This issue impacts availability (i.e. applications can crash).

Affected rPGP versions: rPGP 0.16.0-alpha.0 to 0.18.0 Vulnerable rsa versions: all before version 0.9.10

Workaround

The issue depends on the combination of affected rPGP and rsa versions. Users of affected rPGP versions can pin the patched rsa 0.9.10 via a cargo lockfile to mitigate the issue.

Attribution

Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG.

Severity ?
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pgp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.16.0-alpha.0"
            },
            {
              "fixed": "0.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-703"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-13T20:54:19Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIt was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use, which prevents this issue.\n\n### Details\nWhile parsing a special RSA secret key packet, rPGP calls the rsa crate with the provided key. On vulnerable versions, this results in a Rust \"panic\" during key construction. Note that an attacker can trigger this situation even in places where applications don\u0027t expect to handle foreign key material, for example while attempting to receive a message.\n\nFor more information on the rsa crate vulnerability, see https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26 and https://github.com/RustCrypto/RSA/pull/624.\nIn rPGP, this has been fixed via https://github.com/rpgp/rpgp/pull/698.\n\n### Impact\nThis issue impacts availability (i.e. applications can crash).\n\nAffected rPGP versions: rPGP 0.16.0-alpha.0 to 0.18.0\nVulnerable rsa versions: all before version 0.9.10\n\n### Workaround\nThe issue depends on the combination of affected rPGP and rsa versions. Users of affected rPGP versions can pin the patched rsa 0.9.10 via a cargo lockfile to mitigate the issue.\n\n### Attribution\nDiscovered by Christian Reitter from Radically Open Security during a security review for Proton AG.",
  "id": "GHSA-7587-4wv6-m68m",
  "modified": "2026-02-13T20:54:19Z",
  "published": "2026-02-13T20:54:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-7587-4wv6-m68m"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rpgp/rpgp/pull/698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rpgp/rpgp/commit/38efa49ce18b3821649de9cd8dea88a959b833a5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rpgp/rpgp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.