CVE-2024-27354

Risk Scores

Affected Products

Exploit Intelligence

• https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49 (circl)
• [debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update (circl)
• [debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update (circl)
• https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b (osv)

Timeline

• Jan 20, 1970 GitHub Gist PoC
• Mar 1, 2024 CVE Published
• Mar 2, 2024 EPSS Score
• Mar 28, 2024 EPSS Score
• Apr 24, 2024 EPSS Score
• May 20, 2024 EPSS Score
• Jun 16, 2024 EPSS Score
• Jul 12, 2024 EPSS Score
• Aug 8, 2024 EPSS Score
• Sep 3, 2024 EPSS Score
• Oct 4, 2024 Coalition ESS Score
• Oct 26, 2024 EPSS Score

References

• https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49 url
• https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b url
• [debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update mailing-list
• [debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update mailing-list
• https://nvd.nist.gov/vuln/detail/CVE-2024-27354 advisory
• https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698 url
• https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575 url
• https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56 url
• https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml url
• https://github.com/advisories/GHSA-hg35-mp25-qf6h advisory
• https://github.com/phpseclib/phpseclib package