{"id":"USN-7404-1","summary":"phpseclib vulnerabilities","details":"It was discovered that phpseclib did not correctly handle RSA PKCS#1\nv1.5 signature verification. An attacker could possibly use this issue to\nbypass authentication. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-30130)\n\nIt was discovered that phpseclib did not correctly handle certain\ncharacters in certain TLS fields, which could lead to name confusion.\nAn attacker could possibly use this issue to bypass authentication.\n(CVE-2023-52892)\n\nIt was discovered that phpseclib incorrectly limited the size of prime\nnumbers generated by isPrime. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2024-27354)\n\nIt was discovered that phpseclib did not correctly handle processing the\nASN.1 object identifier of a certificate. An attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)\n","modified":"2026-02-10T04:47:47Z","published":"2025-04-02T01:35:46Z","related":["UBUNTU-CVE-2021-30130","UBUNTU-CVE-2023-52892","UBUNTU-CVE-2024-27354","UBUNTU-CVE-2024-27355"],"upstream":["CVE-2021-30130","CVE-2023-52892","CVE-2024-27354","CVE-2024-27355","UBUNTU-CVE-2021-30130","UBUNTU-CVE-2023-52892","UBUNTU-CVE-2024-27354","UBUNTU-CVE-2024-27355"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7404-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-30130"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52892"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-27354"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-27355"}],"affected":[{"package":{"name":"php-phpseclib","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/php-phpseclib@2.0.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.1-1ubuntu0.1~esm2"}]}],"versions":["2.0.1-1","2.0.1-1build1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.1-1ubuntu0.1~esm2","binary_name":"php-phpseclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"phpseclib","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/phpseclib@1.0.1-3ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-3ubuntu0.1+esm1"}]}],"versions":["0.3.10-3","1.0.0-2","1.0.0-3","1.0.1-1","1.0.1-3","1.0.1-3ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.0.1-3ubuntu0.1+esm1","binary_name":"php-seclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"php-phpseclib","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/php-phpseclib@2.0.9-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.9-1ubuntu0.1~esm2"}]}],"versions":["2.0.6-1","2.0.7-1","2.0.9-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.9-1ubuntu0.1~esm2","binary_name":"php-phpseclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"phpseclib","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/phpseclib@1.0.9-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.9-1ubuntu0.1~esm1"}]}],"versions":["1.0.7-1","1.0.8-1","1.0.9-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.0.9-1ubuntu0.1~esm1","binary_name":"php-seclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"php-phpseclib","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/php-phpseclib@2.0.23-2ubuntu0.1~esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.23-2ubuntu0.1~esm2"}]}],"versions":["2.0.21-2","2.0.23-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.23-2ubuntu0.1~esm2","binary_name":"php-phpseclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2021-30130","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27355","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"phpseclib","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/phpseclib@1.0.18-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-2ubuntu0.1~esm1"}]}],"versions":["1.0.16-2","1.0.18-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.0.18-2ubuntu0.1~esm1","binary_name":"php-seclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2021-30130","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27355","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"php-phpseclib","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/php-phpseclib@2.0.36-1ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.36-1ubuntu0.1~esm2"}]}],"versions":["2.0.30-2ubuntu1","2.0.34-1","2.0.35-1","2.0.36-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.36-1ubuntu0.1~esm2","binary_name":"php-phpseclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27355","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"php-phpseclib3","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/php-phpseclib3@3.0.13-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.13-1ubuntu0.1~esm1"}]}],"versions":["3.0.9-1","3.0.10-1","3.0.12-2","3.0.13-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"3.0.13-1ubuntu0.1~esm1","binary_name":"php-phpseclib3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27355","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"phpseclib","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/phpseclib@1.0.20-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20-1ubuntu0.1~esm1"}]}],"versions":["1.0.19-3ubuntu2","1.0.19-3ubuntu3","1.0.20-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.0.20-1ubuntu0.1~esm1","binary_name":"php-seclib"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json","cves_map":{"cves":[{"id":"CVE-2023-52892","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27354","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-27355","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.3"}