CVE-2023-49316

Name: CVE-2023-49316
Description: In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1057008

Vulnerable and fixed packages

The table below lists information on source packages.

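| Source Package | Release | Version | Status |
|---|---|---|---|
| php-phpseclib3 (PTS) | bookworm | 3.0.19-1+deb12u3 | fixed |
| php-phpseclib3 (PTS) | bookworm (security) | 3.0.19-1+deb12u2 | fixed |
| php-phpseclib3 (PTS) | sid, trixie | 3.0.42-1 | fixed |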

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php-phpseclib3 | source | bookworm | 3.0.19-1+deb12u1 | | | |
| php-phpseclib3 | source | (unstable) | 3.0.34-1 | | | 1057008 |

Notes

Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34)
check if affecting ldap-account-manager or unused path
