Vulnerability Database
Blog
FAQ
Docs
GHSA-vf4w-fg7r-5v94
Source
https://github.com/advisories/GHSA-vf4w-fg7r-5v94
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-vf4w-fg7r-5v94/GHSA-vf4w-fg7r-5v94.json
Aliases
CVE-2021-30130
Published
2021-04-07T20:56:55Z
Modified
2024-02-16T08:07:57.853429Z
Details
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-30130
https://github.com/phpseclib/phpseclib/pull/1635
https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
Affected packages
Packagist
/
phpseclib/phpseclib
Package
Name
phpseclib/phpseclib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.7
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
Packagist
/
phpseclib/phpseclib
Package
Name
phpseclib/phpseclib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
The exact introduced commit is unknown
Fixed
2.0.31
Affected versions
0.*
0.3.0
0.3.1
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
GHSA-vf4w-fg7r-5v94 - OSV