CVE-2023-49316

High

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

mitre·CWE-834·Published 2023-11-27

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

112 chars

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

NVDen

112 chars

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

OSV.deven

318 chars

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. ### Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial of service.

GHSAen

399 chars

### Impact Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc) ### Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f ### Workarounds No. ### References https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f https://www.usenix.org/system/files/usenixsecurity25-shi-bing.pdf

NVDes

128 chars

En Math/BinaryField.php en phpseclib anterior a 3.0.34, grados excesivamente grandes pueden provocar una denegación de servicio.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H