GHSA-hm7p-r324-hhf3

Suggest an improvement
Source
https://github.com/advisories/GHSA-hm7p-r324-hhf3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-hm7p-r324-hhf3/GHSA-hm7p-r324-hhf3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hm7p-r324-hhf3
Aliases
Published
2023-03-03T06:30:17Z
Modified
2023-11-08T04:12:06.279594Z
Summary
phpseclib Infinite Loop vulnerability
Details

Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not introduced until version 3.

References

Affected packages

Packagist / phpseclib/phpseclib

Package

Name
phpseclib/phpseclib
Purl
pkg:composer/phpseclib/phpseclib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.19

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18