Merge pull request #721 from wojcikmariusz/CVE-2024-27354-CVE-2024-27355

phpseclib/phpseclib CVE-2024-27354, CVE-2024-27355
FriendsOfPHP · May 10, 2024 · c205dae · c205dae
2 parents d7641cd + 5f1d99f
commit c205dae
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/phpseclib/phpseclib/CVE-2024-27354.yaml b/phpseclib/phpseclib/CVE-2024-27354.yaml
@@ -0,0 +1,14 @@
+title:     phpseclib a large prime can cause a denial of service
+link:      https://github.com/advisories/GHSA-hg35-mp25-qf6h
+cve:       CVE-2024-27354
+branches:
+    "3.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=3.0.0', '<3.0.36']
+    "2.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=2.0.0', '<2.0.47']
+    "1.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=1.0.0', '<1.0.23']
+reference: composer://phpseclib/phpseclib
diff --git a/phpseclib/phpseclib/CVE-2024-27355.yaml b/phpseclib/phpseclib/CVE-2024-27355.yaml
@@ -0,0 +1,14 @@
+title:     phpseclib does not properly limit the ASN1 OID length
+link:      https://github.com/advisories/GHSA-jr22-8qgm-4q87
+cve:       CVE-2024-27355
+branches:
+    "3.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=3.0.0', '<3.0.36']
+    "2.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=2.0.0', '<2.0.47']
+    "1.0":
+        time:     2024-03-02 00:31:33
+        versions: ['>=1.0.0', '<1.0.23']
+reference: composer://phpseclib/phpseclib