GHSA-jr22-8qgm-4q87

Source

https://github.com/advisories/GHSA-jr22-8qgm-4q87

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jr22-8qgm-4q87/GHSA-jr22-8qgm-4q87.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jr22-8qgm-4q87

Aliases

CVE-2024-27355

Withdrawn

2026-05-08T18:24:10Z

Published

2024-03-02T00:31:33Z

Modified

2026-05-08T18:35:42.831034Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references.

Original Description

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

Database specific

{
    "github_reviewed_at": "2024-03-04T20:42:19Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2024-03-01T23:15:08Z",
    "cwe_ids": [
        "CWE-400"
    ]
}

References

Affected packages

Packagist / phpseclib/phpseclib

Package

Name: phpseclib/phpseclib
Purl: pkg:composer/phpseclib/phpseclib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.36

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.33

3.0.34

3.0.35

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jr22-8qgm-4q87/GHSA-jr22-8qgm-4q87.json"

Packagist / phpseclib/phpseclib

Package

Name: phpseclib/phpseclib
Purl: pkg:composer/phpseclib/phpseclib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.47

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jr22-8qgm-4q87/GHSA-jr22-8qgm-4q87.json"

Packagist / phpseclib/phpseclib

Package

Name: phpseclib/phpseclib
Purl: pkg:composer/phpseclib/phpseclib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.23

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jr22-8qgm-4q87/GHSA-jr22-8qgm-4q87.json"