Fluid Attacks Database

Description

phpseclib guardrails needed on OID length

Impact

Any application using that loads untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc).

Patches

Workarounds

No.

Resources

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	phpseclib	>=0 <1.0.23-1	1.0.23-1
debian 13	php-phpseclib	>=0 <2.0.47-1	2.0.47-1
packagist	phpseclib/phpseclib	>=2.0.0 <2.0.47 \|\| >=3.0.0 <3.0.36 \|\| >=0.1.1 <1.0.23	2.0.47, 3.0.36, 1.0.23
debian 11	php-phpseclib	=2.0.30-2 \|\| =2.0.30-2+deb11u1 \|\| >=0 <2.0.30-2+deb11u2	2.0.30-2+deb11u2
debian 12	php-phpseclib	=2.0.42-1 \|\| =2.0.42-1+deb12u1 \|\| >=0 <2.0.42-1+deb12u2	2.0.42-1+deb12u2
debian 12	php-phpseclib3	=3.0.19-1 \|\| =3.0.19-1+deb12u1 \|\| =3.0.19-1+deb12u2 \|\| >=0 <3.0.19-1+deb12u3	3.0.19-1+deb12u3
debian 13	php-phpseclib3	>=0 <3.0.36-1	3.0.36-1
debian 11	phpseclib	=1.0.19-3 \|\| =1.0.19-3+deb11u1 \|\| >=0 <1.0.19-3+deb11u2	1.0.19-3+deb11u2
debian 12	phpseclib	=1.0.20-1 \|\| =1.0.20-1+deb12u1 \|\| >=0 <1.0.20-1+deb12u2	1.0.20-1+deb12u2
debian 14	php-phpseclib3	>=0 <3.0.36-1	3.0.36-1

1-10 of 11

Aliases

References