Vulnerability Database
Blog
FAQ
Docs
CVE-2021-30130
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-30130
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30130.json
Aliases
GHSA-vf4w-fg7r-5v94
Related
DLA-3197-1
DLA-3198-1
Published
2021-04-06T15:15:13Z
Modified
2023-11-29T08:49:52.834238Z
Details
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
References
https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
https://github.com/phpseclib/phpseclib/pull/1635
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
Affected packages
Git
/
github.com/phpseclib/phpseclib
Affected ranges
Type
GIT
Repo
https://github.com/phpseclib/phpseclib
Events
Introduced
fe62c85e0203503231d489af95d0ac053b7d3575
Fixed
d369510df0ebd5e1a5d0fe3d4d23c55fa87a403d
Affected versions
2.*
2.0.31
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
CVE-2021-30130 - OSV