PT-2021-18620 · Phpseclib+3 · Phpseclib+3

Published

2021-04-06

Updated

2025-08-18

CVE-2021-30130

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions phpseclib versions prior to 2.0.31 phpseclib versions 3.x prior to 3.0.7

Description The issue concerns the mishandling of RSA PKCS#1 v1.5 signature verification.

Recommendations For versions prior to 2.0.31, update to version 2.0.31 or later. For versions 3.x prior to 3.0.7, update to version 3.0.7 or later.

Exploit

Fix

Improper Verification of Cryptographic Signature

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-295

Related Identifiers

BDU:2025-10827

CVE-2021-30130

DLA-3197-1

DLA-3198-1

GHSA-VF4W-FG7R-5V94

USN-7404-1

Affected Products

Linuxmint

Red Os

Ubuntu

Phpseclib

PT-2021-18620 · Phpseclib+3 · Phpseclib+3

CVE-2021-30130

Weakness Enumeration

Related Identifiers

Affected Products

References · 26