phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
References
Link | Resource |
---|---|
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31 | Release Notes Third Party Advisory |
https://github.com/phpseclib/phpseclib/pull/1635 | Patch Third Party Advisory |
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html | Mailing List Third Party Advisory |
Information
Published : 2021-04-06 08:15
Updated : 2023-01-27 11:52
NVD link : CVE-2021-30130
Mitre link : CVE-2021-30130
JSON object : View
CWE
CWE-347
Improper Verification of Cryptographic Signature
Products Affected
debian
- debian_linux
phpseclib
- phpseclib