7.5

CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpseclibPhpseclib Version >= 1.0.0 < 1.0.23
PhpseclibPhpseclib Version >= 2.0.0 < 2.0.47
PhpseclibPhpseclib Version >= 3.0.0 < 3.0.36
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.428
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
Third Party Advisory
Mailing List
https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
Product