USN-7404-1
- Source
- https://ubuntu.com/security/notices/USN-7404-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7404-1
- Upstream
- Related
- Published
- 2025-04-02T01:35:46.382034Z
- Modified
- 2025-10-13T04:40:59Z
- Summary
- phpseclib vulnerabilities
- Details
-
It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130)
It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892)
It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354)
It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)
- References
Affected packages
Ubuntu:Pro:16.04:LTS
php-phpseclib
Package
- Name
- php-phpseclib
- Purl
- pkg:deb/ubuntu/php-phpseclib@2.0.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.1-1ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-phpseclib",
"binary_version": "2.0.1-1ubuntu0.1~esm2"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
phpseclib
Package
- Name
- phpseclib
- Purl
- pkg:deb/ubuntu/phpseclib@1.0.1-3ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1-3ubuntu0.1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-seclib",
"binary_version": "1.0.1-3ubuntu0.1+esm1"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
Ubuntu:Pro:18.04:LTS
php-phpseclib
Package
- Name
- php-phpseclib
- Purl
- pkg:deb/ubuntu/php-phpseclib@2.0.9-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.9-1ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-phpseclib",
"binary_version": "2.0.9-1ubuntu0.1~esm2"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
phpseclib
Package
- Name
- phpseclib
- Purl
- pkg:deb/ubuntu/phpseclib@1.0.9-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.9-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-seclib",
"binary_version": "1.0.9-1ubuntu0.1~esm1"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:Pro:20.04:LTS
php-phpseclib
Package
- Name
- php-phpseclib
- Purl
- pkg:deb/ubuntu/php-phpseclib@2.0.23-2ubuntu0.1~esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.23-2ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-phpseclib",
"binary_version": "2.0.23-2ubuntu0.1~esm2"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2021-30130",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
phpseclib
Package
- Name
- phpseclib
- Purl
- pkg:deb/ubuntu/phpseclib@1.0.18-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.18-2ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-seclib",
"binary_version": "1.0.18-2ubuntu0.1~esm1"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2021-30130",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
Ubuntu:Pro:22.04:LTS
php-phpseclib
Package
- Name
- php-phpseclib
- Purl
- pkg:deb/ubuntu/php-phpseclib@2.0.36-1ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.36-1ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-phpseclib",
"binary_version": "2.0.36-1ubuntu0.1~esm2"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
php-phpseclib3
Package
- Name
- php-phpseclib3
- Purl
- pkg:deb/ubuntu/php-phpseclib3@3.0.13-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.13-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-phpseclib3",
"binary_version": "3.0.13-1ubuntu0.1~esm1"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
phpseclib
Package
- Name
- phpseclib
- Purl
- pkg:deb/ubuntu/phpseclib@1.0.20-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.20-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "php-seclib",
"binary_version": "1.0.20-1ubuntu0.1~esm1"
}
]
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-52892",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27354",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-27355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}