CVE-2024-27354: Computational Denial of Service via Unbounded Primality Testing in phpseclib

DEV Community·CVE Reports·27 days ago

Vulnerability ID: CVE-2024-27354
CVSS Score: 7.5
Published: 2026-05-06

A computational Denial of Service (DoS) vulnerability in phpseclib allows unauthenticated attackers to exhaust CPU resources by supplying malformed X.509 certificates. The vulnerability arises from missing bit-length upper bounds in the Miller-Rabin primality test implementation when evaluating explicit elliptic curve field parameters.

TL;DR

phpseclib before versions 1.0.23, 2.0.47, and 3.0.36 suffers from a computational DoS flaw where parsing maliciously crafted X.509 certificates with massive explicit primes triggers an unbounded Miller-Rabin primality test, leading to CPU exhaustion.…
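The mitigation this class of flaw calls for is a bit-length check that runs before any primality testing. The following Python is an added example, not phpseclib's code and not its actual patch; the 1024-bit cap, the function names and the sample values are assumptions made for illustration.

```python
import secrets

# Assumed policy cap: the largest NIST prime-field curve (P-521) uses a 521-bit prime.
MAX_PRIME_BITS = 1024
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


class CandidateTooLarge(ValueError):
    """Raised when an untrusted prime candidate exceeds the allowed bit length."""


def miller_rabin(n: int, rounds: int = 16) -> bool:
    """Probabilistic primality test. Each round is a modular exponentiation
    whose cost grows faster than linearly with the bit length of n."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def check_field_prime(n: int, max_bits: int = MAX_PRIME_BITS) -> bool:
    """Validate an untrusted field prime: size check first, primality test second."""
    if n.bit_length() > max_bits:
        raise CandidateTooLarge(f"{n.bit_length()} bits exceeds cap of {max_bits}")
    return miller_rabin(n)


# Constructed sample inputs (not taken from any real certificate).
P256_PRIME = 2**256 - 2**224 + 2**192 + 2**96 - 1
OVERSIZED = (1 << 200_000) | 1
```

The oversized value is rejected after a single `bit_length()` call, so no modular exponentiation is ever performed on it.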
