Lucene search
K

249 matches found

euvd
euvd
added 2026/04/10 8:58 p.m.7 views

EUVD-2026-21597

phpseclib has a variable-time HMAC comparison in SSH2::getbinarypacket using != instead of hashequals...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References5
osv
osv
added 2026/04/10 8:58 p.m.6 views

GHSA-R854-JRXH-36QX phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

3.7CVSS5.9AI score0.00334EPSS
Exploits0References7
github
github
added 2026/04/10 8:58 p.m.8 views

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

3.7CVSS5.9AI score0.00334EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2026/04/10 8:24 p.m.32 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS0.00334EPSS
Exploits0References5
cve
cve
added 2026/04/10 8:24 p.m.55 views

CVE-2026-40194

CVE-2026-40194 affects the phpseclib PHP secure communications library. Prior to versions 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() compares the received SSH packet HMAC to the computed HMAC using the != operator. In PHP, != on equal-length binary strings invokes memcmp(...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/04/10 8:24 p.m.2 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/10 8:24 p.m.6 views

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References6Affected Software1
debiancve
debiancve
added 2026/04/10 8:24 p.m.9 views

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00334EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/04/10 8:24 p.m.3 views

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.4AI score0.00334EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.4 views

PT-2026-32042

Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.0 through 3.0.50 Description: phpseclib versions prior to 3.0.51, 2.0.53, and 1.0.28 have a timing issue in the phpseclibNetSSH2::get binary packet function. The use of PHP's != operator for comparing SSH packet HMACs...

3.7CVSS5.9AI score0.00334EPSS
Exploits0References17
cnnvd
cnnvd
added 2026/04/10 12:0 a.m.7 views

phpseclib 安全漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions prior to 3.0.51, 2.0.53, and 1.0.28 have security vulnerabilities. These vulnerabilities stem from the use of the PHP “!” operator in phpseclib’s NetSSH2::getbinarypacket function, which compares the...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References5
openvas
openvas
added 2026/03/31 12:0 a.m.7 views

Debian: Security Advisory (DLA-4518-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.9AI score0.00376EPSS
Exploits1References2
fedora
fedora
added 2026/03/30 6:41 p.m.6 views

[SECURITY] Fedora 42 Update: php-phpseclib3-3.0.50-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

8.2CVSS5.8AI score0.00374EPSS
Exploits0
debian
debian
added 2026/03/30 3:20 p.m.23 views

[SECURITY] [DLA 4518-1] phpseclib security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...

8.2CVSS5.9AI score0.00376EPSS
Exploits1
fedora
fedora
added 2026/03/30 12:54 a.m.4 views

[SECURITY] Fedora 43 Update: php-phpseclib3-3.0.50-1.fc43

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

8.2CVSS5.8AI score0.00374EPSS
Exploits0
nessus
nessus
added 2026/03/30 12:0 a.m.7 views

Debian dla-4518 : php-seclib - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4518 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected]...

8.2CVSS6AI score0.00376EPSS
Exploits1References6
nessus
nessus
added 2026/03/30 12:0 a.m.4 views

Fedora 43 : php-phpseclib3 (2026-b7d9416ec4)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b7d9416ec4 advisory. Update to v3.0.50; contains fix for CVE-2026-32935 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

8.2CVSS6AI score0.00374EPSS
Exploits0References2
openvas
openvas
added 2026/03/30 12:0 a.m.8 views

Debian: Security Advisory (DSA-6186-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.9AI score0.00374EPSS
Exploits0References2
openvas
openvas
added 2026/03/30 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2026-bfeb46516b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.9AI score0.00374EPSS
Exploits0References3
osv
osv
added 2026/03/30 12:0 a.m.1 views

DLA-4518-1 phpseclib - security update

Bulletin has no description...

8.2CVSS5.8AI score0.00376EPSS
Exploits1
Rows per page
Query Builder