CVE-2024-27354: CVE-2024-27354: Computational Denial of Service via Unbounded Primality Testing in phpseclib

CVE-2024-27354: Computational Denial of Service via Unbounded Primality Testing in phpseclib

Vulnerability ID: CVE-2024-27354
CVSS Score: 7.5
Published: 2026-05-06

A computational Denial of Service (DoS) vulnerability in phpseclib allows unauthenticated attackers to exhaust CPU resources by supplying malformed X.509 certificates. The vulnerability arises from missing bit-length upper bounds in the Miller-Rabin primality test implementation when evaluating explicit elliptic curve field parameters.

TL;DR

phpseclib before versions 1.0.23, 2.0.47, and 3.0.36 suffers from a computational DoS flaw where parsing maliciously crafted X.509 certificates with massive explicit primes triggers an unbounded Miller-Rabin primality test, leading to CPU exhaustion.

---

⚠️ Exploit Status: POC

Technical Details

• CWE ID: CWE-400
• Attack Vector: Network
• CVSS v3.1 Score: 7.5 (High)
• EPSS Score: 0.00204 (42.24%)
• Impact: Denial of Service (CPU Exhaustion)
• Exploit Status: Proof of Concept
• CISA KEV: No

Affected Systems

• phpseclib 1.x series
• phpseclib 2.x series
• phpseclib 3.x series
• phpseclib: 1.x < 1.0.23 (Fixed in: 1.0.23)
• phpseclib: 2.x < 2.0.47 (Fixed in: 2.0.47)
• phpseclib: 3.x < 3.0.36 (Fixed in: 3.0.36)

Code Analysis

Commit: 0358eb1

Fix Commit (3.0 branch) introducing the 8196-bit length check

Commit: ad5dbdf

Fix Commit (2.0 branch) utilizing user_error for the guardrail

Commit: c55b751

Follow-up fix for the getLength calculation logic

Exploit Details

• Research Paper: X.509DoS: Exploiting and Detecting Denial-of-Service Vulnerabilities in X.509 Certificate Parsing

Mitigation Strategies

• Upgrade phpseclib to the latest patched version on the active release branch.
• Implement application-level limits on the size of uploaded X.509 certificate files.
• Configure standard PHP execution timeouts (max_execution_time) to bound resource consumption on worker threads.
• Register a custom PHP error handler to convert E_USER_NOTICE into fatal exceptions if operating on the 1.x or 2.x branches.

Remediation Steps:

1. Identify the current version of phpseclib utilizing Composer (composer show phpseclib/phpseclib).
2. Update the version constraint in composer.json to ensure a minimum version of 1.0.23, 2.0.47, or 3.0.36.
3. Execute composer update phpseclib/phpseclib to retrieve the patched library.
4. If utilizing the 1.x or 2.x branches, review application bootstrap code to ensure set_error_handler upgrades E_USER_NOTICE to a thrown exception.

References

• GitHub Advisory: GHSA-hg35-mp25-qf6h
• katzj Gist - Technical Write-up
• USENIX Security '25: X.509DoS Paper
• phpseclib 3.0 Fix Commit
• phpseclib 2.0 Fix Commit
• phpseclib getLength Fix Commit

---

Read the full report for CVE-2024-27354 on our website for more details including interactive diagrams and full exploit analysis.