pkg:Debian/phpseclib

All known vulnerabilities

• HIGH7.5CVE-2024-27355Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length
  from 0, < 1.0.19-3+deb11u2
• HIGH7.5CVE-2024-27354phpseclib: guardrails needed on isPrime and randomPrime
  from 0, < 1.0.19-3~deb10u3
• HIGH7.5CVE-2024-27354phpseclib: guardrails needed on isPrime and randomPrime
  from 0, < 1.0.19-3+deb11u2
• HIGH7.5CVE-2026-44167phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
  from 0
• HIGH7.5CVE-2023-52892phpseclib - security update
  from 0, < 1.0.19-3+deb11u3
• HIGH7.5CVE-2023-52892phpseclib - security update
  from 0, < 1.0.19-3+deb11u3
• HIGH7.5CVE-2021-30130php-phpseclib - security update
  from 0, < 1.0.19-3~deb10u1
• HIGH7.5CVE-2021-30130php-phpseclib - security update
  from 0, < 1.0.19-3
• MEDIUM5.9CVE-2026-32935phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
  from 0, < 1.0.19-3+deb11u3
• MEDIUM5.9CVE-2026-32935phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
  from 0, < 1.0.20-1+deb12u3
• MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
  from 0, < 1.0.19-3+deb11u1
• MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
  from 0, < 1.0.19-3+deb11u1
• MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
  from 0, < 1.0.19-3~deb10u2
• LOW3.7CVE-2026-40194phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
  from 0