249 matches found
UBUNTU-CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
The CVE-2023-52892 issue in phpseclib affects TLS hostname verification: in phpseclib versions before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, certain characters in Subject Alternative Name fields can be interpreted with special regex meaning (e.g., a + wildcard), causing name confusion ...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
PT-2024-14775 · Phpseclib +4 · Phpseclib +4
Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.0.0 through 1.0.21 phpseclib versions 2.0.0 through 2.0.45 phpseclib versions 3.0.0 through 3.0.32 Description: The issue arises from the incorrect handling of certain characters in Subject Alternative Name fields within...
Debian: Security Advisory (DLA-3749-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3750-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3749-1] phpseclib security update
Debian LTS Advisory DLA-3749-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3deb10u3 CVE ID : CVE-2024-27354 CVE-2024-27355 Security issues were discovered in phpseclib, a PHP librar...
DLA-3749-1 phpseclib - security update
Bulletin has no description...
Debian dla-3750 : php-phpseclib - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3750 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3750-1 [email protected]...
Debian dla-3749 : php-seclib - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3749 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3749-1 [email protected]...
Denial Of Service (DoS)
phpseclib/phpseclib is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...
Denial Of Service (DoS)
phpseclib/phpseclib is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...
GHSA-JR22-8QGM-4Q87 Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...
GHSA-HG35-MP25-QF6H Duplicate Advisory: phpseclib: guardrails needed on isPrime and randomPrime
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...
phpseclib a large prime can cause a denial of service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...
phpseclib does not properly limit the ASN1 OID length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...
Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...