VIR Vulnerability Intelligence Relay

CVE-2024-27354

high
Published 2026-05-06 · Modified 2026-05-06
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
8.0

Description

phpseclib: guardrails needed on isPrime and randomPrime

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-27354

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.0.42-1+deb12u2
debian debianbullseyefixed2.0.30-2+deb11u2
debian debianforkyfixed2.0.47-1
debian debiansidfixed2.0.47-1
debian debiantrixiefixed2.0.47-1

Package impact
EcosystemPackageVulnerableFixed
php Packagistphpseclib/phpseclib>=0.1.1,<1.0.231.0.23
php Packagistphpseclib/phpseclib>=2.0.0,<2.0.472.0.47
php Packagistphpseclib/phpseclib>=3.0.0,<3.0.363.0.36
php Packagistphpseclib/phpseclib>=1.0.0,<1.0.231.0.23
php COMPOSERphpseclib/phpseclib>= 3.0.0, < 3.0.363.0.36
php COMPOSERphpseclib/phpseclib>= 2.0.0, < 2.0.472.0.47
php COMPOSERphpseclib/phpseclib>= 0.1.1, < 1.0.231.0.23

References

Verify integrity in audit chain (admin only). AS-IS.