Search CVE reports
1 – 6 of 6 results
CVE-2023-52892
Medium prioritySome fixes available 9 of 12
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a +...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-phpseclib | Not affected | Fixed | Fixed | Fixed | Fixed |
| php-phpseclib3 | Not affected | Fixed | Not in release | — | — |
| phpseclib | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2024-27355
Medium prioritySome fixes available 5 of 8
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-phpseclib | Not affected | Fixed | Fixed | Not affected | Not affected |
| php-phpseclib3 | Not affected | Fixed | Not in release | Not in release | Not in release |
| phpseclib | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2024-27354
Medium prioritySome fixes available 9 of 12
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-phpseclib | Not affected | Fixed | Fixed | Fixed | Fixed |
| php-phpseclib3 | Not affected | Fixed | Not in release | Not in release | Not in release |
| phpseclib | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-49316
Medium priorityIn Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
1 affected package
php-phpseclib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-phpseclib3 | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
CVE-2023-27560
Medium priorityMath/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
3 affected packages
ldap-account-manager, php-phpseclib, php-phpseclib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| php-phpseclib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| php-phpseclib3 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
CVE-2021-30130
Medium prioritySome fixes available 2 of 14
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-phpseclib | Not affected | Not affected | Fixed | Not affected | Not affected |
| php-phpseclib3 | Not affected | Not affected | Not in release | Not in release | Ignored |
| phpseclib | Not affected | Not affected | Fixed | Not affected | Not affected |