Severity : Medium When the pure-Rust backend initialises a Blowfish context, it extends the caller-provided session key to the cipher's 56-byte requirement by cloning the original 16-byte key into a new `Vec<u8>` and padding it with zeros before passing a slice to `GenericArray::try_from_slice`. Once the context is built, the temporary `Vec` is dropped without ever being scrubbed, leaving the original key bytes in heap memory.【F:openpgp/src/crypto/backend/rust/symmetric.rs†L509-L521】 Any process-level adversary (core dump, allocator hooks, after-free reads) can recover the session key from that stale allocation despite Sequoia otherwise wrapping keys in `Protected`. On drop the allocator prints the padded buffer, whose prefix still contains the original 16-byte session key. Because the vector is never wiped, the key stays recoverable for any attacker who can observe heap contents. Last commint hash \`05e6707ad2c68fa52a30c3c9a21d54dc00089919\`