CVE-2023-49316: Denial of Service via Unbounded Degree in phpseclib Binary Finite Fields

DEV Community·CVE Reports·24 days ago

Vulnerability ID: CVE-2023-49316
CVSS Score: 7.5
Published: 2026-05-08

The phpseclib cryptographic library version 3.x prior to 3.0.34 contains a Denial of Service (DoS) vulnerability in its mathematical field generation logic. When parsing maliciously crafted X.509 certificates or PKCS#8 private keys specifying Elliptic Curve parameters over a binary finite field, the library fails to validate the degree parameter. This flaw allows a remote attacker to force the PHP application to perform unbounded memory allocations, exhausting server resources and terminating the application worker process.

TL;DR: phpseclib 3.x before 3.0.34 fails to bound the degree parameter when parsing Elliptic Curve keys over binary fields, allowing unauthenticated attackers to cause a fatal Out-Of-Memory (OOM) crash via a crafted ASN.1 payload.…
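As an added illustration, not code from phpseclib or from the CVE report, the following PHP shows the hardening pattern the advisory implies: an attacker-controlled binary-field degree m (the field is GF(2^m)) is bounded before anything is allocated from it. The function names, the cap constant and the sample degrees are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Illustrative hardening pattern, not phpseclib code. In the scenario the
// advisory describes, the degree m of GF(2^m) comes straight from
// attacker-controlled ASN.1, so any allocation sized from it must be bounded.

// Assumed cap. The largest standardized binary curves (sect571k1/sect571r1,
// NIST B-571/K-571) use m = 571, so 1024 leaves headroom while keeping a
// parsed value from driving allocation size into the gigabytes.
const MAX_BINARY_FIELD_DEGREE = 1024;

// Vulnerable shape: allocates storage for m coefficients directly from the
// parsed value. A huge m exceeds memory_limit and PHP terminates the worker
// with a fatal "Allowed memory size ... exhausted" error, the OOM crash the
// advisory describes.
function fieldElementStorageUnchecked(int $m): array
{
    return array_fill(0, $m, 0);
}

// Hardened shape: reject out-of-range degrees before touching memory.
function validateBinaryFieldDegree(int $m): int
{
    if ($m < 1 || $m > MAX_BINARY_FIELD_DEGREE) {
        throw new UnexpectedValueException(
            "binary field degree $m outside allowed range 1.." . MAX_BINARY_FIELD_DEGREE
        );
    }
    return $m;
}

function fieldElementStorageChecked(int $m): array
{
    return array_fill(0, validateBinaryFieldDegree($m), 0);
}

// Constructed degrees: two legitimate curve sizes and an absurd attacker value.
foreach ([163, 571, 2_000_000_000] as $degree) {
    try {
        $storage = fieldElementStorageChecked($degree);
        echo "degree $degree accepted, ", count($storage), " coefficients allocated\n";
    } catch (UnexpectedValueException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

The check belongs at the parsing boundary, before any field object is constructed, so that an oversized degree is rejected as malformed input rather than surfacing as a fatal error in the worker. Upgrading to phpseclib 3.0.34 or later, as the advisory states, is the actual fix; the cap above only shows the shape of the missing validation.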
