Denial of Service Vulnerability in phpseclib Products by phpseclib
CVE-2024-27355

7.5HIGH

Key Information:

Vendor: phpseclib
Status: phpseclib
Vendor: CVE Published:; 1 March 2024

What is CVE-2024-27355?

A vulnerability was found in phpseclib versions prior to 1.0.23, 2.0.47, and 3.0.36 that exposes users to a denial of service condition. This occurs when the library processes an ASN.1 object identifier of a certificate, where a incorrectly provided sub identifier can lead to excessive CPU consumption during the decoding process. This situation can impact the performance and availability of the applications relying on phpseclib, highlighting the necessity for prompt updates.

References

https://github.com/phpseclib/phpseclib/blob/978d081fe50ff...

https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c88...

https://lists.debian.org/debian-lts-announce/2024/03/msg0...

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 25, 2024

CVE-2024-27355 Data

JSON