Denial of Service Vulnerability in phpseclib by phpseclib
CVE-2023-49316

7.5 HIGH

Key Information:

Vendor: PHPseclib

Status
Vendor
CVE Published: 27 November 2023

What is CVE-2023-49316?

In Math/BinaryField.php in phpseclib version 3 prior to 3.0.34, an attacker can supply an excessively large degree, which may lead to a denial of service. Services that use this library can be disrupted, so users should update to the latest version to mitigate the risk. For further details and patches, visit the official repository.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
