PT-2024-21843 · Phpseclib+3

Published 2024-03-01 · Updated 2026-05-06 · CVE-2024-27354

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

phpseclib versions 1.x before 1.0.23
phpseclib versions 2.x before 2.0.47
phpseclib versions 3.x before 3.0.36

Description

An issue was discovered that allows an attacker to construct a malformed certificate containing an extremely large prime, causing a denial of service due to CPU consumption for an isPrime primality check.

Recommendations

For phpseclib versions 1.x before 1.0.23, update to version 1.0.23 or later.
For phpseclib versions 2.x before 2.0.47, update to version 2.0.47 or later.
For phpseclib versions 3.x before 3.0.36, update to version 3.0.36 or later.

Exploit

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2024-27354
DLA-3749-1
DLA-3750-1
GHSA-2528-JW5Q-WW88
GHSA-HG35-MP25-QF6H
USN-7404-1

Affected Products

Linuxmint
Red Os
Ubuntu
Phpseclib