10 matches found
CVE-2026-44167
A flaw was found in phpseclib, a PHP secure communications library. This vulnerability allows a remote attacker to trigger a denial of service by providing specially crafted, untrusted ASN.1 Abstract Syntax Notation One files, such as X.509 certificates or RSA private/public keys. This issue is a...
CVE-2026-44167
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...
CVE-2026-44167
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...
phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc Workarounds No. References...
Linux Distros Unpatched Vulnerability : CVE-2024-27355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, ...
[SECURITY] [DLA 3749-1] phpseclib security update
Debian LTS Advisory DLA-3749-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3deb10u3 CVE ID : CVE-2024-27354 CVE-2024-27355 Security issues were discovered in phpseclib, a PHP librar...
Debian dla-3750 : php-phpseclib - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3750 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3750-1 [email protected]...
CVE-2024-27355
CVE-2024-27355 affects phpseclib when parsing the ASN.1 certificate OID, where a crafted sub-identifier can cause a denial of service due to excessive CPU usage during decodeOID. Affected versions are 1.x < 1.0.23, 2.x < 2.0.47, and 3.x
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...