VulnerableCode Package Details - pkg:composer/phpseclib/phpseclib@2.0.0-2.0.47

Search for packages

Package details: pkg:composer/phpseclib/phpseclib@2.0.0-2.0.47

Essentials
History (1)

purl	pkg:composer/phpseclib/phpseclib@2.0.0-2.0.47
Tags	Ghost

Next non-vulnerable version	2.0.47
Latest non-vulnerable version	3.0.36
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8knv-9pae-aaad Aliases: CVE-2024-27354 GHSA-hg35-mp25-qf6h	An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.	2.0.47 Affected by 0 other vulnerabilities. 3.0.36 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8knv-9pae-aaad
Aliases:
CVE-2024-27354
GHSA-hg35-mp25-qf6h

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

2.0.47
Affected by 0 other vulnerabilities.

3.0.36
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-04-23T17:43:12.651839+00:00	GitLab Importer	Affected by	VCID-8knv-9pae-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2024-27354.yml	34.0.0rc4