phpseclib/phpseclib Security Advisories for 2.0.25 (7)
-
[HIGH] phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
PKSA-smrh-yx37-92ws CVE-2026-44167 GHSA-3qpq-r242-jqj7
Affected version: >=0.1.1,<=1.0.28|>=3.0.0,<=3.0.51|>=2.0.0,<=2.0.53
Reported by:
GitHub -
[LOW] phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
PKSA-zh4j-by9m-7mz8 CVE-2026-40194 GHSA-r854-jrxh-36qx
Affected version: >=0.1.1,<1.0.28|>=3.0.0,<3.0.51|>=2.0.0,<2.0.53
Reported by:
GitHub -
[HIGH] phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
PKSA-km2b-zc3b-mjm3 CVE-2026-32935 GHSA-94g3-g5v7-q4jg
Affected version: >=0.1.1,<=1.0.26|>=2.0.0,<=2.0.51|>=3.0.0,<=3.0.49
Reported by:
GitHub -
[HIGH] Name confusion in x509 Subject Alternative Name fields
PKSA-4p7m-np8m-fq35 CVE-2023-52892 GHSA-ff7q-6vwh-v9m4
Affected version: >=3.0.0,<3.0.33|>=2.0.0,<2.0.46|<1.0.22
Reported by:
GitHub -
[HIGH] phpseclib a large prime can cause a denial of service
PKSA-t5xz-td8w-f35v CVE-2024-27354 GHSA-2528-jw5q-ww88
Affected version: >=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] phpseclib does not properly limit the ASN1 OID length
PKSA-jsh4-f6tg-bwyq CVE-2024-27355 GHSA-f2qx-66wf-wvvx
Affected version: >=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Improper Certificate Validation in phpseclib
PKSA-mnsd-qtjt-pgcq CVE-2021-30130 GHSA-vf4w-fg7r-5v94
Affected version: <2.0.31|>=3.0.0,<3.0.7
Reported by:
GitHub, FriendsOfPHP/security-advisories