Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45746

HistoryMar 04, 2024 - 10:38 a.m.

Denial Of Service (DoS)

2024-03-0410:38:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

denial of service

vulnerability

asn.1

object identifier

cpu consumption

certificate

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

phpseclib/phpseclib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a flaw in processing the ASN.1 object identifier of a certificate in ASN1.php file, where providing a sub identifier may lead to denial of service due to excessive CPU consumption during the decodeOID operation.

References

gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b

github.com/advisories/GHSA-jr22-8qgm-4q87

github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129

github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59

lists.debian.org/debian-lts-announce/2024/03/msg00002.html

lists.debian.org/debian-lts-announce/2024/03/msg00003.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

Related for VERACODE:45746

cvelist1 nvd1 vulnrichment1 osv4 prion1 cve1 friendsofphp1 ubuntucve1 debiancve1 github1 openvas2 debian2 nessus2