Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities found for phpseclib by phpseclib
CVE-2026-44167 (GCVE-0-2026-44167)
Vulnerability from nvd – Published: 2026-05-12 17:22 – Updated: 2026-05-14 19:24
VLAI
Title
phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
Summary
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/d53… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T19:23:26.054244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:24:44.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.52"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.54"
},
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:22:14.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc"
}
],
"source": {
"advisory": "GHSA-3qpq-r242-jqj7",
"discovery": "UNKNOWN"
},
"title": "phpseclib: CVE-2024-27355 mitigation bypass \u2014 OID amplification DoS in ASN1::decodeOID()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44167",
"datePublished": "2026-05-12T17:22:14.764Z",
"dateReserved": "2026-05-05T14:39:34.923Z",
"dateUpdated": "2026-05-14T19:24:44.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40194 (GCVE-0-2026-40194)
Vulnerability from nvd – Published: 2026-04-10 20:24 – Updated: 2026-05-08 15:18
VLAI
Title
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
Summary
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/ffe… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T15:28:24.152831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:35:24.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.28"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.53"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\\Net\\SSH2::get_binary_packet() uses PHP\u0027s != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T15:18:43.231Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/1.0.28",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/1.0.28"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.53",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.53"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.51",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.51"
}
],
"source": {
"advisory": "GHSA-r854-jrxh-36qx",
"discovery": "UNKNOWN"
},
"title": "phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40194",
"datePublished": "2026-04-10T20:24:06.696Z",
"dateReserved": "2026-04-09T20:59:17.620Z",
"dateUpdated": "2026-05-08T15:18:43.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32935 (GCVE-0-2026-32935)
Vulnerability from nvd – Published: 2026-03-20 02:48 – Updated: 2026-05-08 15:19
VLAI
Title
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
Summary
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/ccc… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:31:59.292752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T16:32:34.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.50"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.52"
},
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T15:19:11.716Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788"
}
],
"source": {
"advisory": "GHSA-94g3-g5v7-q4jg",
"discovery": "UNKNOWN"
},
"title": "phpseclib\u0027s AES-CBC unpadding susceptible to padding oracle timing attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32935",
"datePublished": "2026-03-20T02:48:59.778Z",
"dateReserved": "2026-03-17T00:05:53.282Z",
"dateUpdated": "2026-05-08T15:19:11.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52892 (GCVE-0-2023-52892)
Vulnerability from nvd – Published: 2024-06-27 00:00 – Updated: 2024-08-21 20:02
VLAI
Summary
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-436 - Interpretation Conflict
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/issues/1943"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/x509-name-testing/name_testing_artifacts"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.0.46",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "3.0.33",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:54:11.710267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436 Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:02:23.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:31:34.635Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/issues/1943"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"
},
{
"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"
},
{
"url": "https://github.com/x509-name-testing/name_testing_artifacts"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52892",
"datePublished": "2024-06-27T00:00:00.000Z",
"dateReserved": "2024-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-21T20:02:23.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27355 (GCVE-0-2024-27355)
Vulnerability from nvd – Published: 2024-03-01 00:00 – Updated: 2024-08-13 13:38
VLAI
Summary
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:51.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.23",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "2.0.47",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "3.0.36",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:10:07.399957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:38:16.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T15:06:02.520Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129"
},
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27355",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2024-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-13T13:38:16.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27354 (GCVE-0-2024-27354)
Vulnerability from nvd – Published: 2024-03-01 00:00 – Updated: 2025-04-22 15:44
VLAI
Summary
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:1x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "1x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phpseclib:2x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "2x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "2.0.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phpseclib:3x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "3x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "3.0.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:46.617242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:44:47.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:51.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T15:06:04.069Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49"
},
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27354",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2024-02-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T15:44:47.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49316 (GCVE-0-2023-49316)
Vulnerability from nvd – Published: 2023-11-27 00:00 – Updated: 2024-08-02 21:53
VLAI
Summary
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T03:15:13.625Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49316",
"datePublished": "2023-11-27T00:00:00.000Z",
"dateReserved": "2023-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:53:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27560 (GCVE-0-2023-27560)
Vulnerability from nvd – Published: 2023-03-03 00:00 – Updated: 2025-03-06 20:19
VLAI
Summary
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:16:55.432124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:19:00.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27560",
"datePublished": "2023-03-03T00:00:00.000Z",
"dateReserved": "2023-03-03T00:00:00.000Z",
"dateUpdated": "2025-03-06T20:19:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30130 (GCVE-0-2021-30130)
Vulnerability from nvd – Published: 2021-04-06 00:00 – Updated: 2024-08-03 22:24
VLAI
Summary
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/pull/1635"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.31"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3197-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3198-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/pull/1635"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.7"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.31"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3197-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3198-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30130",
"datePublished": "2021-04-06T00:00:00.000Z",
"dateReserved": "2021-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-44167 (GCVE-0-2026-44167)
Vulnerability from cvelistv5 – Published: 2026-05-12 17:22 – Updated: 2026-05-14 19:24
VLAI
Title
phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
Summary
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/d53… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T19:23:26.054244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:24:44.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.52"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.54"
},
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:22:14.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc"
}
],
"source": {
"advisory": "GHSA-3qpq-r242-jqj7",
"discovery": "UNKNOWN"
},
"title": "phpseclib: CVE-2024-27355 mitigation bypass \u2014 OID amplification DoS in ASN1::decodeOID()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44167",
"datePublished": "2026-05-12T17:22:14.764Z",
"dateReserved": "2026-05-05T14:39:34.923Z",
"dateUpdated": "2026-05-14T19:24:44.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40194 (GCVE-0-2026-40194)
Vulnerability from cvelistv5 – Published: 2026-04-10 20:24 – Updated: 2026-05-08 15:18
VLAI
Title
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
Summary
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/ffe… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
| https://github.com/phpseclib/phpseclib/releases/t… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T15:28:24.152831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:35:24.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.28"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.53"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\\Net\\SSH2::get_binary_packet() uses PHP\u0027s != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T15:18:43.231Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/1.0.28",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/1.0.28"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.53",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.53"
},
{
"name": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.51",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.51"
}
],
"source": {
"advisory": "GHSA-r854-jrxh-36qx",
"discovery": "UNKNOWN"
},
"title": "phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40194",
"datePublished": "2026-04-10T20:24:06.696Z",
"dateReserved": "2026-04-09T20:59:17.620Z",
"dateUpdated": "2026-05-08T15:18:43.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32935 (GCVE-0-2026-32935)
Vulnerability from cvelistv5 – Published: 2026-03-20 02:48 – Updated: 2026-05-08 15:19
VLAI
Title
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
Summary
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/phpseclib/phpseclib/security/a… | x_refsource_CONFIRM |
| https://github.com/phpseclib/phpseclib/commit/ccc… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:31:59.292752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T16:32:34.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.50"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.52"
},
{
"status": "affected",
"version": "\u003e= 0.1.1, \u003c 1.0.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T15:19:11.716Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg"
},
{
"name": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788"
}
],
"source": {
"advisory": "GHSA-94g3-g5v7-q4jg",
"discovery": "UNKNOWN"
},
"title": "phpseclib\u0027s AES-CBC unpadding susceptible to padding oracle timing attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32935",
"datePublished": "2026-03-20T02:48:59.778Z",
"dateReserved": "2026-03-17T00:05:53.282Z",
"dateUpdated": "2026-05-08T15:19:11.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52892 (GCVE-0-2023-52892)
Vulnerability from cvelistv5 – Published: 2024-06-27 00:00 – Updated: 2024-08-21 20:02
VLAI
Summary
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-436 - Interpretation Conflict
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/issues/1943"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/x509-name-testing/name_testing_artifacts"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.0.46",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "3.0.33",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:54:11.710267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436 Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:02:23.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:31:34.635Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/issues/1943"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"
},
{
"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"
},
{
"url": "https://github.com/x509-name-testing/name_testing_artifacts"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52892",
"datePublished": "2024-06-27T00:00:00.000Z",
"dateReserved": "2024-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-21T20:02:23.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27355 (GCVE-0-2024-27355)
Vulnerability from cvelistv5 – Published: 2024-03-01 00:00 – Updated: 2024-08-13 13:38
VLAI
Summary
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:51.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpseclib",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.23",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "2.0.47",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "3.0.36",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:10:07.399957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:38:16.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T15:06:02.520Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129"
},
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27355",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2024-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-13T13:38:16.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27354 (GCVE-0-2024-27354)
Vulnerability from cvelistv5 – Published: 2024-03-01 00:00 – Updated: 2025-04-22 15:44
VLAI
Summary
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpseclib:1x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "1x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "1.0.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phpseclib:2x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "2x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "2.0.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phpseclib:3x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "3x",
"vendor": "phpseclib",
"versions": [
{
"lessThan": "3.0.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:46.617242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:44:47.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:51.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T15:06:04.069Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49"
},
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27354",
"datePublished": "2024-03-01T00:00:00.000Z",
"dateReserved": "2024-02-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T15:44:47.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49316 (GCVE-0-2023-49316)
Vulnerability from cvelistv5 – Published: 2023-11-27 00:00 – Updated: 2024-08-02 21:53
VLAI
Summary
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T03:15:13.625Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49316",
"datePublished": "2023-11-27T00:00:00.000Z",
"dateReserved": "2023-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:53:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27560 (GCVE-0-2023-27560)
Vulnerability from cvelistv5 – Published: 2023-03-03 00:00 – Updated: 2025-03-06 20:19
VLAI
Summary
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:16:55.432124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:19:00.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27560",
"datePublished": "2023-03-03T00:00:00.000Z",
"dateReserved": "2023-03-03T00:00:00.000Z",
"dateUpdated": "2025-03-06T20:19:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30130 (GCVE-0-2021-30130)
Vulnerability from cvelistv5 – Published: 2021-04-06 00:00 – Updated: 2024-08-03 22:24
VLAI
Summary
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/pull/1635"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.31"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3197-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3198-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phpseclib/phpseclib/pull/1635"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.7"
},
{
"url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.31"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3197-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3198-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30130",
"datePublished": "2021-04-06T00:00:00.000Z",
"dateReserved": "2021-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}