phpseclib ASN.1 Decoding Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in phpseclib, a PHP library for secure communications. It affects versions from 1.0.0 up to (but not including) 1.0.29, from 2.0.0 up to (but not including) 2.0.54, and from 3.0.0 up to (but not including) 3.0.52. The vulnerability is in the ASN.1 decoding function, which improperly handles untrusted ASN.1 files such as X.509 certificates and RSA PKCS#8 keys. Decoding such a file can lead to excessive resource consumption, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability can cause a significant denial-of-service condition by overloading the system's resources.

Remediation

Users can upgrade to phpseclib versions 1.0.29, 2.0.54, or 3.0.52 to address this vulnerability.
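
A version check against the ranges in this advisory, as an added example (not code from phpseclib or from this advisory): it reads a composer.lock and flags phpseclib entries that are below the fixed release for their branch. The Composer package name phpseclib/phpseclib is an assumption not stated on the page, and the sample lock content is constructed.

```python
import json
import re

# Fixed release per major branch, taken from the advisory text.
FIXED = {1: (1, 0, 29), 2: (2, 0, 54), 3: (3, 0, 52)}
# Composer package name: an assumption, not stated in the advisory.
PACKAGE = "phpseclib/phpseclib"


def parse_version(raw):
    """Return (major, minor, patch), or None for non-numeric versions such as dev-master."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    ver = parse_version(raw)
    if ver is None or ver[0] not in FIXED:
        # Dev branches, pre-release tags, or majors the advisory does not cover:
        # report them for manual review rather than guessing.
        return "unknown"
    return "affected" if ver < FIXED[ver[0]] else "fixed"


def scan_lock(lock_text):
    """Return [(version, status)] for every phpseclib entry in a composer.lock document."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    return [(p["version"], classify(p["version"]))
            for p in entries if p.get("name", "").lower() == PACKAGE]


# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpseclib/phpseclib", "version": "3.0.37"},
        {"name": "example/other-lib", "version": "1.2.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, status in scan_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {status}")
```

Entries reported as unknown need a manual look, since the advisory only defines ranges for numbered 1.x, 2.x and 3.x releases.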

Added: May 12, 2026, 6:56 PM
Updated: May 12, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.