PT-2024-21844 · Phpseclib+3
Published: 2023-08-25 · Updated: 2026-06-01 · CVE-2024-27355
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
phpseclib versions 1.x through 1.0.22
phpseclib versions 2.x through 2.0.46
phpseclib versions 3.x through 3.0.35
Description
An issue was discovered in phpseclib when processing the ASN.1 object identifier of a certificate. A sub-identifier may be provided that leads to a denial of service through CPU consumption in decodeOID.
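An added illustration, not phpseclib's code or its patch: object identifier sub-identifiers are base-128 encoded with a continuation bit, so the encoding itself places no bound on their length and the decoder has to impose one. The function name and both limits below are assumptions chosen for the example, and it assumes 64-bit PHP.

```php
<?php
declare(strict_types=1);

// Assumed limits for this example; they are not phpseclib's values.
const MAX_OID_OCTETS = 64;   // total length of the OID content octets
const MAX_SUBID_OCTETS = 8;  // 8 * 7 = 56 bits, fits a 64-bit PHP int

// Decode the content octets of a DER OBJECT IDENTIFIER into dotted form.
// Returns null instead of doing unbounded work on oversized or malformed input.
function boundedDecodeOid(string $content): ?string
{
    $len = strlen($content);
    if ($len === 0 || $len > MAX_OID_OCTETS) {
        return null;                       // empty, or too long overall
    }
    if ((ord($content[$len - 1]) & 0x80) !== 0) {
        return null;                       // last sub-identifier is truncated
    }
    $arcs = [];
    $value = 0;
    $run = 0;                              // octets seen in the current sub-identifier
    for ($i = 0; $i < $len; $i++) {
        $byte = ord($content[$i]);
        if ($run === 0 && $byte === 0x80) {
            return null;                   // leading 0x80 padding is not minimal encoding
        }
        if (++$run > MAX_SUBID_OCTETS) {
            return null;                   // oversized sub-identifier: stop before any big-number math
        }
        $value = ($value << 7) | ($byte & 0x7F);
        if (($byte & 0x80) === 0) {        // high bit clear: sub-identifier ends here
            if ($arcs === []) {            // first sub-identifier packs the first two arcs
                $first = $value < 80 ? intdiv($value, 40) : 2;
                $arcs = [$first, $value - 40 * $first];
            } else {
                $arcs[] = $value;
            }
            $value = 0;
            $run = 0;
        }
    }
    return implode('.', $arcs);
}

// Constructed inputs: 1.2.840.113549.1.1.11, and one 20-octet sub-identifier.
$good = "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B";
$long = str_repeat("\xFF", 19) . "\x7F";
var_dump(boundedDecodeOid($good));
var_dump(boundedDecodeOid($long));
```

The length checks run on raw octets before any arithmetic, so the cost of rejecting an input is linear in a small constant rather than dependent on the size of the encoded number.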
Recommendations
For phpseclib versions 1.x through 1.0.22, update to version 1.0.23 or later.
For phpseclib versions 2.x through 2.0.46, update to version 2.0.47 or later.
For phpseclib versions 3.x through 3.0.35, update to version 3.0.36 or later.
Exploit
Fix
DoS
Resource Exhaustion
RCE
Related Identifiers
Affected Products
Linuxmint
Red Os
Ubuntu
Phpseclib