phpseclib guardrails needed on OID length

🗓️ 08 May 2026 18:24:30Reported by GitHub Advisory DatabaseType

Guardrails are needed in phpseclib to enforce OID length when loading untrusted ASN.1 files.

Reporter	Title	Published	Views	Family All 40
ATTACKERKB	CVE-2026-44167	12 May 202617:22	–	attackerkb
Circl	CVE-2024-27355	2 Mar 202400:22	–	circl
CNNVD	phpseclib security vulnerability	1 Mar 202400:00	–	cnnvd
CVE	CVE-2024-27355	1 Mar 202400:00	–	cve
Cvelist	CVE-2024-27355	1 Mar 202400:00	–	cvelist
Debian	[SECURITY] [DLA 3749-1] phpseclib security update	5 Mar 202413:57	–	debian
Debian	[SECURITY] [DLA 3750-1] php-phpseclib security update	5 Mar 202413:57	–	debian
Debian CVE	CVE-2024-27355	1 Mar 202400:00	–	debiancve
Tenable Nessus	Debian dla-3749 : php-seclib - security update	5 Mar 202400:00	–	nessus
Tenable Nessus	Debian dla-3750 : php-phpseclib - security update	5 Mar 202400:00	–	nessus

Vulners

Node

phpseclib phpseclibRange0.1.1–1.0.22composer

phpseclib phpseclibRange3.0.0–3.0.35composer

phpseclib phpseclibRange2.0.0–2.0.46composer

Source	Link
github	www.github.com/phpseclib/phpseclib/security/advisories/GHSA-f2qx-66wf-wvvx
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-27355
github	www.github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
gist	www.gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
github	www.github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php
lists	www.lists.debian.org/debian-lts-announce/2024/03/msg00002.html
lists	www.lists.debian.org/debian-lts-announce/2024/03/msg00003.html
github	www.github.com/advisories/GHSA-f2qx-66wf-wvvx

08 May 2026 18:24Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.00456

SSVC