Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mc2v-gtgm-d3g5

Summary An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

Aliases

alias	CVE-2024-27354

Fixed_packages

url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qj3-a1sx-kubr

vulnerability	VCID-96xr-m836-f7cq

vulnerability	VCID-ejz5-zmbt-afbg

vulnerability	VCID-hyua-p4yb-byh1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
purl	pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.47-1%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib@2.0.48-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/php-phpseclib@2.0.48-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib@2.0.54-1?distro=trixie
purl	pkg:deb/debian/php-phpseclib@2.0.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.54-1%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u6?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.36-1?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.36-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.36-1%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.43-2%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.43-2%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.43-2%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.52-2?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.52-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.52-2%3Fdistro=trixie

url	pkg:deb/debian/php-phpseclib3@3.0.53-1?distro=trixie
purl	pkg:deb/debian/php-phpseclib3@3.0.53-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.53-1%3Fdistro=trixie

url pkg:deb/debian/phpseclib@1.0.19-3%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/phpseclib@1.0.19-3%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-96xr-m836-f7cq

vulnerability	VCID-hyua-p4yb-byh1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.19-3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/phpseclib@1.0.20-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/phpseclib@1.0.20-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.20-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/phpseclib@1.0.20-1%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/phpseclib@1.0.20-1%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.20-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/phpseclib@1.0.23-1?distro=trixie
purl	pkg:deb/debian/phpseclib@1.0.23-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.23-1%3Fdistro=trixie

url	pkg:deb/debian/phpseclib@1.0.23-6%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/phpseclib@1.0.23-6%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.23-6%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/phpseclib@1.0.29-1?distro=trixie
purl	pkg:deb/debian/phpseclib@1.0.29-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpseclib@1.0.29-1%3Fdistro=trixie

Affected_packages

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354

reference_url

https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b

reference_id

ee72f3c2a00590812b2ea3c0c8890e0b

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/

url

https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html

reference_id

msg00002.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html

reference_id

msg00003.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html

reference_url

https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49

reference_id

PrimeField.php#L49

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/

url

https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49

Weaknesses

Exploits

Severity_range_score 7.5 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mc2v-gtgm-d3g5

Vulnerability Instance