Lucene search

K

GoogleOSV:GHSA-VF4W-FG7R-5V94

HistoryApr 07, 2021 - 8:56 p.m.

Improper Certificate Validation in phpseclib

2021-04-0720:56:55

Google

osv.dev

16

phpseclib

certificate validation

rsa pkcs#1

software security

EPSS

0.003

Percentile

68.4%

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

References

github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml

github.com/phpseclib/phpseclib/pull/1635

github.com/phpseclib/phpseclib/releases/tag/2.0.31

github.com/phpseclib/phpseclib/releases/tag/3.0.7

lists.debian.org/debian-lts-announce/2022/11/msg00024.html

lists.debian.org/debian-lts-announce/2022/11/msg00025.html

nvd.nist.gov/vuln/detail/CVE-2021-30130

EPSS

0.003

Percentile

68.4%

Related for OSV:GHSA-VF4W-FG7R-5V94

veracode1 ubuntucve1 friendsofphp2 nvd1 cvelist1 osv3 debian2 prion1 nessus2 openvas2 cve1 debiancve1 github1