GHSA-2F25-PFQ3-C7H8 Phpseclib needs guardrails on large binaryfield integers

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds No. References...

Duplicate Advisory: phpseclib vulnerable to denial of service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial...

SUSE CVE-2011-1945

The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

USN-1357-1: OpenSSL vulnerabilities

It was discovered that the elliptic curve cryptography ECC subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm ECDSA for the ECDHEECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...