249 matches found
EUVD-2026-21597
phpseclib has a variable-time HMAC comparison in SSH2::getbinarypacket using != instead of hashequals...
GHSA-R854-JRXH-36QX phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...
CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
CVE-2026-40194 affects the phpseclib PHP secure communications library. Prior to versions 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() compares the received SSH packet HMAC to the computed HMAC using the != operator. In PHP, != on equal-length binary strings invokes memcmp(...
CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
PT-2026-32042
Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.0 through 3.0.50 Description: phpseclib versions prior to 3.0.51, 2.0.53, and 1.0.28 have a timing issue in the phpseclibNetSSH2::get binary packet function. The use of PHP's != operator for comparing SSH packet HMACs...
phpseclib 安全漏洞
phpseclib is an open-source PHP security communication library developed by phpseclib. Versions prior to 3.0.51, 2.0.53, and 1.0.28 have security vulnerabilities. These vulnerabilities stem from the use of the PHP “!” operator in phpseclib’s NetSSH2::getbinarypacket function, which compares the...
Debian: Security Advisory (DLA-4518-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 42 Update: php-phpseclib3-3.0.50-1.fc42
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
[SECURITY] [DLA 4518-1] phpseclib security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...
[SECURITY] Fedora 43 Update: php-phpseclib3-3.0.50-1.fc43
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
Debian dla-4518 : php-seclib - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4518 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected]...
Fedora 43 : php-phpseclib3 (2026-b7d9416ec4)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b7d9416ec4 advisory. Update to v3.0.50; contains fix for CVE-2026-32935 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
Debian: Security Advisory (DSA-6186-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-bfeb46516b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-4518-1 phpseclib - security update
Bulletin has no description...