diff --git a/phpseclib/phpseclib/CVE-2024-27354.yaml b/phpseclib/phpseclib/CVE-2024-27354.yaml new file mode 100644 index 000000000..04ce5af1b --- /dev/null +++ b/phpseclib/phpseclib/CVE-2024-27354.yaml @@ -0,0 +1,14 @@ +title: phpseclib a large prime can cause a denial of service +link: https://github.com/advisories/GHSA-hg35-mp25-qf6h +cve: CVE-2024-27354 +branches: + "3.0": + time: 2024-03-02 00:31:33 + versions: ['>=3.0.0', '<3.0.36'] + "2.0": + time: 2024-03-02 00:31:33 + versions: ['>=2.0.0', '<2.0.47'] + "1.0": + time: 2024-03-02 00:31:33 + versions: ['>=1.0.0', '<1.0.23'] +reference: composer://phpseclib/phpseclib diff --git a/phpseclib/phpseclib/CVE-2024-27355.yaml b/phpseclib/phpseclib/CVE-2024-27355.yaml new file mode 100644 index 000000000..a73ff00dc --- /dev/null +++ b/phpseclib/phpseclib/CVE-2024-27355.yaml @@ -0,0 +1,14 @@ +title: phpseclib does not properly limit the ASN1 OID length +link: https://github.com/advisories/GHSA-jr22-8qgm-4q87 +cve: CVE-2024-27355 +branches: + "3.0": + time: 2024-03-02 00:31:33 + versions: ['>=3.0.0', '<3.0.36'] + "2.0": + time: 2024-03-02 00:31:33 + versions: ['>=2.0.0', '<2.0.47'] + "1.0": + time: 2024-03-02 00:31:33 + versions: ['>=1.0.0', '<1.0.23'] +reference: composer://phpseclib/phpseclib