CVE-2023-49316

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 834

Summary

CVE-2023-49316 is a denial-of-service vulnerability affecting the Math/BinaryField.php file in phpseclib 3 versions prior to 3.0.34. When handling large degrees in certain mathematical operations, the software experiences excessive resource consumption, leading to a denial of service condition. Attackers can exploit this issue by supplying unusually large values to trigger the unwanted behavior, potentially causing service disruptions. It is recommended that users update to the latest phpseclib version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tk3RVT
https://www.cve.org/CVERecord?id=CVE-2023-49316
https://nvd.nist.gov/vuln/detail/CVE-2023-49316

Back to Vulnerability Database

CVE-2023-49316

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations