CVE CyberSecurity Database News

CVE-2024-53857 - How Crafted Messages Can Exhaust Your Resources in rPGP (Rust OpenPGP) — Exploit Analysis & Guide

Poster -

CVE-2024-53857 is a newly discovered vulnerability found in rPGP, a popular and pure Rust implementation of the OpenPGP standard. This bug, which affected all versions before .14.1, allows attackers to exhaust the resources of systems parsing or decrypting specially crafted messages. If you're running software that uses rPGP for encryption or decryption, you must upgrade immediately — let's break down why.

What is rPGP?

rPGP is a safe, modern implementation of the OpenPGP specification written in Rust. It's used for encrypting, decrypting, signing, and verifying messages and files. Many Rust projects rely on it for robust, memory-safe cryptography.

What Happens?

With CVE-2024-53857, an attacker can send carefully crafted (malicious) messages to a system running rPGP. During parsing or symmetric decryption, these malicious messages can cause the system to use up all its available CPU, memory, or both — leading to resource exhaustion.

Result:
The system slows down, becomes unresponsive, or even crashes. This means a hacker can knock over services remotely just by sending messages.

Behind the Bug

The bug lies in how rPGP handled data structures during parsing and decryption. It didn't make enough checks about how large or complicated a message could be. So, if an attacker sends a gigantic or deeply nested message, your system could spend a huge amount of time and memory trying to process it.

Code Example: Exploitation Setup

Here's a minimal Rust code-snippet showing how you might trigger the issue in a vulnerable version of rpgp (pre-.14.1):

use std::fs::File;
use std::io::Read;
use rpgp::Message;

fn main() {
    // Suppose 'attack.pgp' is an attacker-controlled crafted file
    let mut file = File::open("attack.pgp").unwrap();
    let mut data = Vec::new();
    file.read_to_end(&mut data).unwrap();

    // Vulnerable call, can cause resource exhaustion
    let message = Message::from_bytes(&data).unwrap();

    println!("Message parsed: {:?}", message);
}

If attack.pgp contains a specially crafted payload (see exploit description below), this from_bytes call may eat all RAM or CPU and never return.

Has deeply nested structures (e.g. recursive encryption subpackets).

When rPGP tries to parse or decrypt, it doesn't stop at a reasonable depth or size, and wastes all resources.

Example Exploit (in Pseudocode)

# Generates a PGP literal packet with a length field of xffffffff (huge!)
write_byte(xC | xB)        # New Format Packet Tag for Literal Data
write_uint32(xffffffff)       # Length: 4 GB (malicious)
write_bytes("A" * (1 << 30))   # 1 GB of data (you can adjust as needed)

Deliver this to a service running rpgp — parsing will stall or crash.

Real-World Impact

- Denial of Service (DoS): An attacker can knock over email servers, bots, or applications using vulnerable rPGP.
- Chained attacks: If your application decrypts untrusted data, an attacker could provide this as input and tie up your resources — opening you up for broader exploitation.

Upgrade rPGP to version .14.1 or later.

See the changelog here

Validate all incoming PGP data.

Limit file size and/or parsing depth if possible.

References and Further Reading

- Official GitHub Security Advisory
- CVE-2024-53857 on NVD
- rPGP Crate on crates.io

Conclusion

CVE-2024-53857 is a classic example of why cryptographic parsers must be careful about untrusted data. If you're using rPGP below version .14.1, you are vulnerable to trivial denial-of-service attacks. Patch now, limit the input you accept, and always scrutinize crypto libraries for timely updates.

Timeline

Published on: 12/05/2024 16:15:26 UTC