VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-er9q-najs-aaad

Essentials
Severities (98)
References (9)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-er9q-najs-aaad
Aliases	CVE-2023-49316 GHSA-jpr7-q523-hx25
Summary	In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-834	Excessive Iteration
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00296	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2023-49316
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-jpr7-q523-hx25
cvssv3.1	7.5	https://github.com/phpseclib/phpseclib
generic_textual	HIGH	https://github.com/phpseclib/phpseclib
cvssv3.1	7.5	https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
generic_textual	HIGH	https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
cvssv3.1	7.5	https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
generic_textual	HIGH	https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-49316
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-49316

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-49316
		https://github.com/phpseclib/phpseclib
		https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
		https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
1057008		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
cpe:2.3:a:phpseclib:phpseclib::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpseclib:phpseclib::::::::
CVE-2023-49316		https://nvd.nist.gov/vuln/detail/CVE-2023-49316
CVE-2023-49316.YAML		https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
GHSA-jpr7-q523-hx25		https://github.com/advisories/GHSA-jpr7-q523-hx25

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/phpseclib/phpseclib

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/phpseclib/phpseclib/releases/tag/3.0.34

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-49316

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-49316

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.24022
EPSS Score	0.00055
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-03T17:14:11.610627+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2023-49316	34.0.0rc1