Phpseclib

9 matches found

CVE
added 2024/03/01 12:00 a.m. | 3905 views

CVE-2024-27355

CVE-2024-27355 affects phpseclib when parsing the ASN.1 certificate OID, where a crafted sub-identifier can cause a denial of service due to excessive CPU usage during decodeOID. Affected versions are 1.x < 1.0.23, 2.x < 2.0.47, and 3.x

7.5 CVSS | 7.2 AI score | 0.00569 EPSS

CVE
added 2024/03/01 12:00 a.m. | 3510 views

CVE-2024-27354

CVE-2024-27354 affects phpseclib 1.x < 1.0.23, 2.x < 2.0.47, and 3.x

7.5 CVSS | 7.1 AI score | 0.00601 EPSS

CVE
added 2021/04/06 12:00 a.m. | 89 views

CVE-2021-30130

CVE-2021-30130 affects phpseclib prior to 2.0.31 and 3.x prior to 3.0.7, where RSA PKCS#1 v1.5 signature verification is mishandled. This could allow attackers to bypass certain authorization checks due to invalid signatures being accepted. Ubuntu/Debian advisories and Debian security trackers do...

7.5 CVSS | 7.3 AI score | 0.01085 EPSS

CVE
added 2023/03/03 12:00 a.m. | 85 views

CVE-2023-27560

CVE-2023-27560 affects phpseclib; the issue was a vulnerability in Math/PrimeField.php where phpseclib 3.x before 3.0.19 exhibited an infinite loop with composite primefields, enabling high-impact denial of service. The CVSS indicates NETWORK access, low attack complexity, no privileges, and avai...

7.5 CVSS | 7.3 AI score | 0.00815 EPSS

CVE
added 2024/06/27 12:00 a.m. | 78 views

CVE-2023-52892

The CVE-2023-52892 issue in phpseclib affects TLS hostname verification: in phpseclib versions before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, certain characters in Subject Alternative Name fields can be interpreted with special regex meaning (e.g., a + wildcard), causing name confusion ...

7.5 CVSS | 6.9 AI score | 0.00376 EPSS

CVE
added 2023/11/27 12:00 a.m. | 72 views

CVE-2023-49316

CVE-2023-49316 affects phpseclib 3.x prior to 3.0.34, where excessively large degrees in the Math/BinaryField.php implementation can lead to a denial of service. The published fix is in phpseclib 3.0.34 (see release/commit references). The vulnerability is a DoS condition with network attack vect...

7.5 CVSS | 7.2 AI score | 0.00762 EPSS

CVE
added 2026/04/10 8:24 p.m. | 48 views

CVE-2026-40194

CVE-2026-40194 affects the phpseclib PHP secure communications library. Prior to versions 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() compares the received SSH packet HMAC to the computed HMAC using the != operator. In PHP, != on equal-length binary strings invokes memcmp(...

3.7 CVSS | 5.8 AI score | 0.00334 EPSS

CVE
added 2026/03/20 2:48 a.m. | 26 views

CVE-2026-32935

CVE-2026-32935 is an AES-CBC padding oracle timing vulnerability in phpseclib. Affected versions: 1.0.26 and below; 2.0.0–2.0.51; 3.0.0–3.0.49. Root cause: short-circuiting in the unpadding function enables timing leakage. Impact per sources: potential confidentiality impact (C) with high lik...

8.2 CVSS | 5.7 AI score | 0.00374 EPSS

CVE
added 2026/06/22 8:00 p.m. | 13 views

CVE-2026-55599

phpseclib (versions 0.1.1 through 1.0.30, 2.0.55, and 3.0.54) vulnerability: X509::validateSignature() reads a URL from the certificate's Authority Information Access extension and connects to it, enabling an attacker supplying a cert to fully control the outbound connection (host, port, path). T...

5.8 CVSS | 5.9 AI score | 0.00133 EPSS