Search for packages
| purl | pkg:composer/phpseclib/phpseclib@3.0.34 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6xjw-f9xu-fkg8
Aliases: CVE-2024-27354 GHSA-hg35-mp25-qf6h |
phpseclib a large prime can cause a denial of service An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560. |
Affected by 1 other vulnerability. |
|
VCID-ars3-xpyv-jbf1
Aliases: CVE-2024-27355 GHSA-jr22-8qgm-4q87 |
phpseclib does not properly limit the ASN1 OID length An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID). |
Affected by 1 other vulnerability. |
|
VCID-ku5e-5j7s-qyc9
Aliases: CVE-2026-32935 GHSA-94g3-g5v7-q4jg |
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack ### Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. ### Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 ### Workarounds Use AES in CTR, CFB or OFB modes |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-zxph-sjym-kqhg | phpseclib vulnerable to denial of service In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service. |
CVE-2023-49316
GHSA-jpr7-q523-hx25 |