{"id":"CVE-2026-44167","summary":"phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()","details":"phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.","aliases":["GHSA-3qpq-r242-jqj7"],"modified":"2026-07-15T01:49:16.168739110Z","published":"2026-05-12T17:22:14.764Z","related":["CGA-c3f5-5q37-cmq9"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-400"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44167.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44167.json"},{"type":"ADVISORY","url":"https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44167"},{"type":"FIX","url":"https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpseclib/phpseclib","events":[{"introduced":"fe62c85e0203503231d489af95d0ac053b7d3575"},{"introduced":"a74aa9efbe61430fcb60157c8e025a48ec8ff604"},{"introduced":"a8e70cbaa54234d466afdbf6d15d7af1751ce3eb"},{"fixed":"2adaefc83df2ec548558307690f376dd7d4f4fce"},{"fixed":"a96a835067c39ee7a709329fe70869817da18081"},{"fixed":"15ace8dd0b6942a7c49c9e83cf41de1b77924ba7"},{"fixed":"d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc"}],"database_specific":{"source":["AFFECTED_FIELD","REFERENCES"],"extracted_events":[{"introduced":"3.0.0"},{"fixed":"3.0.52"},{"introduced":"2.0.0"},{"fixed":"2.0.54"},{"introduced":"0.1.1"},{"fixed":"1.0.29"}]}}],"versions":["2.0.53","1.0.28","3.0.51","2.0.52","1.0.27","3.0.50","3.0.49","2.0.51","1.0.26","2.0.50","1.0.25","3.0.48","2.0.49","1.0.24","3.0.47","3.0.46","3.0.45","3.0.44","3.0.43","2.0.48","3.0.42","3.0.41","3.0.40","3.0.39","3.0.38","2.0.47","1.0.23","3.0.37","3.0.36","1.0.22","2.0.46","3.0.35","3.0.34","3.0.33","3.0.23","2.0.45","3.0.22","3.0.21","1.0.21","2.0.44","3.0.20","2.0.43","2.0.42","3.0.19","2.0.41","3.0.18","2.0.40","3.0.17","2.0.39","3.0.16","2.0.38","3.0.15","3.0.14","2.0.37","3.0.13","2.0.36","1.0.20","2.0.35","3.0.12","3.0.11","2.0.34","3.0.10","2.0.33","3.0.9","2.0.32","3.0.8","2.0.31","3.0.7","3.0.6","3.0.5","3.0.4","3.0.3","3.0.2","3.0.1","2.0.30","3.0.0","2.0.29","2.0.28","1.0.19","2.0.27","2.0.26","2.0.25","2.0.24","1.0.18","2.0.23","1.0.17","2.0.22","2.0.21","2.0.20","2.0.19","2.0.18","1.0.16","2.0.17","2.0.16","2.0.15","1.0.15","2.0.14","1.0.14","2.0.13","1.0.13","2.0.12","1.0.12","1.0.11","2.0.11","2.0.10","1.0.10","1.0.9","2.0.9","2.0.7","1.0.8","2.0.6","1.0.7","2.0.5","1.0.6","2.0.4","1.0.5","1.0.4","2.0.3","1.0.1","2.0.0","0.3.8","0.3.7","0.3.6","0.3.0","0.2.2","0.2.1","0.2.0","0.1.5","0.1.2","0.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44167.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}