Fluid Attacks Database

Description

Improper Certificate Validation in phpseclib phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	php-phpseclib	>=0 <2.0.30-2	2.0.30-2
debian 13	php-phpseclib	>=0 <2.0.30-2	2.0.30-2
debian 12	php-phpseclib	>=0 <2.0.30-2	2.0.30-2
packagist	phpseclib/phpseclib	>=3.0.0 <3.0.7 \|\| >=0 <2.0.31	3.0.7, 2.0.31
debian 12	php-phpseclib3	>=0 <3.0.7-1	3.0.7-1
debian 13	phpseclib	>=0 <1.0.19-3	1.0.19-3
debian 11	phpseclib	>=0 <1.0.19-3	1.0.19-3
debian 12	phpseclib	>=0 <1.0.19-3	1.0.19-3
debian 13	php-phpseclib3	>=0 <3.0.7-1	3.0.7-1
debian 14	php-phpseclib3	>=0 <3.0.7-1	3.0.7-1

1-10 of 11

Aliases

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.