Headline
CVE-2023-49316: Math/BinaryField: fix for excessively large degrees · phpseclib/phpseclib@964d781
In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.
@@ -704,4 +704,20 @@ public function testIEEESignature()
$this->assertTrue($key->verify('hello world!’, $signature));
}
public function testExcessivelyLargeBinaryField()
{
$this->expectException(‘\OutOfBoundsException’);
$key = '-----BEGIN PUBLIC KEY-----
MIIBDDCB0wYHKoZIzj0CATCBxwIBATAgBgcqhkjOPQECMBUCBH////8GCSqGSM49
AQIDAgICAMEwTQQZABeFj+t6mJdRaeFx93tAh94JisipEd97AQQZAP37Sb/mw6if
rK2qeh5bvHzBwuXYMUeIFAMVABA/rsdNaW5naHVhUXV3f8Wxke8wBDMEAfSBvF8P
+Ep0rWzfb970v2F5YlNy2MDF4QAl45nykDcSzPPqnjoa0X+wsyAbavfOGwUCGQEA
AAAAAAAAAAAAAADH80p3j0Q6zJIOukkCAQIDNAAEAE2mUTAwdPK952h3G8ZinK8B
z9DYTLdGkQDqox3AtEs9nn6kE1O/vHE4bqMegjj4gbA=
-----END PUBLIC KEY-----';
$key = EC::loadFormat('PKCS8’, $key);
$this->assertInstanceOf(PublicKey::class, $key);
}
}
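Review bot: The final `$this->assertInstanceOf(PublicKey::class, $key);` in `testExcessivelyLargeBinaryField` can never run when the test passes, because `expectException` requires `EC::loadFormat` to throw first. The line reads as if a successful load were also acceptable, so I would drop it. The expectation is also broad: any `\OutOfBoundsException` raised during key parsing satisfies it, so consider pinning it with `$this->expectExceptionMessage('<message thrown by BinaryField>');` (the actual message is not visible on this page). A one-line comment would help future readers, for example `// CVE-2023-49316: the key declares an oversized binary-field degree (appears to be 0x7FFFFFFF); loading must be rejected up front`. The enclosing test class starts outside the hunk.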
Related news
In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees in binary fields can lead to a denial of service.