Phpseclib

phpseclib

Vendor: Phpseclib • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-40194 1Phpseclib 1Phpseclib May 8, 2026 Apr 10, 2026 N/A· v4 3.7 LOW· v3 N/A· v2 phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against th...Show more phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.Show less
CVE-2026-32935 1Phpseclib 1Phpseclib May 8, 2026 Mar 20, 2026 8.2 HIGH· v4 5.9 MEDIUM· v3 N/A· v2 phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mod...Show more phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.Show less
CVE-2023-52892 1Phpseclib 1Phpseclib Oct 22, 2025 Jun 27, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such...Show more In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.Show less
CVE-2024-27355 2Debian Phpseclib 2Debian Linux Phpseclib Sep 15, 2025 Mar 1, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of s...Show more An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).Show less
CVE-2024-27354 2Debian Phpseclib 2Debian Linux Phpseclib Sep 15, 2025 Mar 1, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU co...Show more An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.Show less
CVE-2023-49316 1Phpseclib 1Phpseclib Nov 21, 2024 Nov 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
CVE-2023-27560 1Phpseclib 1Phpseclib Mar 6, 2025 Mar 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
CVE-2021-30130 2Debian Phpseclib 2Debian Linux Phpseclib Nov 21, 2024 Apr 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.