VulnerableCode Package Details - pkg:composer/phpseclib/phpseclib@3.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-cgx4-cn62-9kex Aliases: CVE-2024-27354 GHSA-hg35-mp25-qf6h	phpseclib a large prime can cause a denial of service An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.	3.0.36 Affected by 0 other vulnerabilities.
VCID-k9e9-7ez7-bbcw Aliases: CVE-2024-27355 GHSA-jr22-8qgm-4q87	phpseclib does not properly limit the ASN1 OID length An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).	3.0.36 Affected by 0 other vulnerabilities.
VCID-m1b3-yync-t3bx Aliases: CVE-2023-49316 GHSA-jpr7-q523-hx25	phpseclib vulnerable to denial of service In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial of service.	3.0.34 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mdpv-8kp1-47eb Aliases: CVE-2023-27560 GHSA-hm7p-r324-hhf3	phpseclib Infinite Loop vulnerability Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not introduced until version 3.	3.0.19 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u92f-5dkr-kfbx Aliases: CVE-2021-30130 GHSA-vf4w-fg7r-5v94	Improper Certificate Validation in phpseclib phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.	3.0.7 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xrdr-xpgt-qqfy Aliases: CVE-2023-52892 GHSA-ff7q-6vwh-v9m4	Name confusion in x509 Subject Alternative Name fields In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.	3.0.33 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cgx4-cn62-9kex
Aliases:
CVE-2024-27354
GHSA-hg35-mp25-qf6h

phpseclib a large prime can cause a denial of service An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

3.0.36
Affected by 0 other vulnerabilities.

VCID-k9e9-7ez7-bbcw
Aliases:
CVE-2024-27355
GHSA-jr22-8qgm-4q87

phpseclib does not properly limit the ASN1 OID length An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

3.0.36
Affected by 0 other vulnerabilities.

VCID-m1b3-yync-t3bx
Aliases:
CVE-2023-49316
GHSA-jpr7-q523-hx25

phpseclib vulnerable to denial of service In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial of service.

3.0.34
Affected by 2 other vulnerabilities.

VCID-mdpv-8kp1-47eb
Aliases:
CVE-2023-27560
GHSA-hm7p-r324-hhf3

phpseclib Infinite Loop vulnerability Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not introduced until version 3.

3.0.19
Affected by 4 other vulnerabilities.

VCID-u92f-5dkr-kfbx
Aliases:
CVE-2021-30130
GHSA-vf4w-fg7r-5v94

Improper Certificate Validation in phpseclib phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

3.0.7
Affected by 5 other vulnerabilities.

VCID-xrdr-xpgt-qqfy
Aliases:
CVE-2023-52892
GHSA-ff7q-6vwh-v9m4

Name confusion in x509 Subject Alternative Name fields In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

3.0.33
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T11:50:18.473456+00:00	GitLab Importer	Affected by	VCID-xrdr-xpgt-qqfy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2023-52892.yml	37.0.0
2025-08-01T11:37:04.649701+00:00	GitLab Importer	Affected by	VCID-cgx4-cn62-9kex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2024-27354.yml	37.0.0
2025-08-01T11:37:04.012370+00:00	GitLab Importer	Affected by	VCID-k9e9-7ez7-bbcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2024-27355.yml	37.0.0
2025-08-01T11:26:29.037783+00:00	GitLab Importer	Affected by	VCID-m1b3-yync-t3bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2023-49316.yml	37.0.0
2025-08-01T11:02:32.979394+00:00	GitLab Importer	Affected by	VCID-mdpv-8kp1-47eb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2023-27560.yml	37.0.0
2025-08-01T09:51:22.699810+00:00	GitLab Importer	Affected by	VCID-u92f-5dkr-kfbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpseclib/phpseclib/CVE-2021-30130.yml	37.0.0
2025-08-01T09:36:34.817316+00:00	GHSA Importer	Affected by	VCID-cgx4-cn62-9kex	https://github.com/advisories/GHSA-hg35-mp25-qf6h	37.0.0
2025-08-01T09:36:34.512542+00:00	GHSA Importer	Affected by	VCID-k9e9-7ez7-bbcw	https://github.com/advisories/GHSA-jr22-8qgm-4q87	37.0.0
2025-08-01T09:32:26.317688+00:00	GHSA Importer	Affected by	VCID-m1b3-yync-t3bx	https://github.com/advisories/GHSA-jpr7-q523-hx25	37.0.0