CVE-2021-30130

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-30130

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30130.json

Aliases

• GHSA-vf4w-fg7r-5v94

Related

• DLA-3197-1
• DLA-3198-1

Published

2021-04-06T15:15:13Z

Modified

2023-11-29T08:49:52.834238Z

Details

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

References

• https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
• https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
• https://github.com/phpseclib/phpseclib/pull/1635
• https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
• https://github.com/phpseclib/phpseclib/releases/tag/3.0.7