GHSA-jr22-8qgm-4q87

Suggest an improvement
Source
https://github.com/advisories/GHSA-jr22-8qgm-4q87
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jr22-8qgm-4q87/GHSA-jr22-8qgm-4q87.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jr22-8qgm-4q87
Aliases
Published
2024-03-02T00:31:33Z
Modified
2024-08-13T18:30:48.616822Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
phpseclib does not properly limit the ASN1 OID length
Details

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

Database specific
{
    "nvd_published_at": "2024-03-01T23:15:08Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-04T20:42:19Z"
}
References

Affected packages

Packagist / phpseclib/phpseclib

Package

Name
phpseclib/phpseclib
Purl
pkg:composer/phpseclib/phpseclib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.36

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.33
3.0.34
3.0.35

Packagist / phpseclib/phpseclib

Package

Name
phpseclib/phpseclib
Purl
pkg:composer/phpseclib/phpseclib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.47

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46

Packagist / phpseclib/phpseclib

Package

Name
phpseclib/phpseclib
Purl
pkg:composer/phpseclib/phpseclib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.23

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22