terrafrost

6 exploits, active since Mar 2023
CVE-2026-44167 WRITEUP HIGH
phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (e.g., X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
CVSS 7.5
CVE-2026-40194 WRITEUP LOW
phpseclib SSH2::get_binary_packet() - Variable-Time HMAC Comparison
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
CVSS 3.7
CVE-2026-32935 WRITEUP MEDIUM
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
CVSS 5.9
CVE-2023-27560 WRITEUP HIGH
phpseclib 3.0.0-3.0.18 - Denial of Service via Infinite Loop in PrimeField
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
CVSS 7.5
CVE-2023-49316 WRITEUP HIGH
phpseclib 3.0.0-3.0.33 - Denial of Service via Excessive Iteration in Math/BinaryField.php
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
CVSS 7.5
CVE-2023-52892 WRITEUP HIGH
phpseclib < 1.0.22, 2.x < 2.0.46, 3.x < 3.0.33 - X.509 Certificate Host Verification Bypass
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
CVSS 7.5