VulnerableCode Package Details - pkg:deb/debian/phpseclib@1.0.20-1%2Bdeb12u3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8h2u-szq5-13ar	Name confusion in x509 Subject Alternative Name fields In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.	CVE-2023-52892 GHSA-ff7q-6vwh-v9m4
VCID-ku5e-5j7s-qyc9	phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack ### Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. ### Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 ### Workarounds Use AES in CTR, CFB or OFB modes	CVE-2026-32935 GHSA-94g3-g5v7-q4jg

Vulnerability

Summary

Aliases

VCID-8h2u-szq5-13ar

Name confusion in x509 Subject Alternative Name fields In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

CVE-2023-52892
GHSA-ff7q-6vwh-v9m4

VCID-ku5e-5j7s-qyc9

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack ### Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. ### Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 ### Workarounds Use AES in CTR, CFB or OFB modes

CVE-2026-32935
GHSA-94g3-g5v7-q4jg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:13:57.854365+00:00	Debian Importer	Fixing	VCID-ku5e-5j7s-qyc9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:11.148155+00:00	Debian Importer	Fixing	VCID-8h2u-szq5-13ar	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:38:16.578163+00:00	Debian Importer	Fixing	VCID-ku5e-5j7s-qyc9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:27:10.375808+00:00	Debian Importer	Fixing	VCID-8h2u-szq5-13ar	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:56.856754+00:00	Debian Importer	Fixing	VCID-ku5e-5j7s-qyc9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.713429+00:00	Debian Importer	Fixing	VCID-8h2u-szq5-13ar	https://security-tracker.debian.org/tracker/data/json	38.1.0