What is CVE-2024-27354?

CVE-2024-27354 is a newly discovered vulnerability affecting the popular phpseclib library, widely used in PHP for implementing secure cryptography, including functions for SSH and SFTP. This issue was found in all versions of phpseclib prior to 1.0.23, 2.0.47, and 3.0.36. To put it simply: if your app uses an older version, it might be vulnerable.

Here’s what makes this CVE important:

- If an attacker sends a specially crafted X.509 certificate (like for SSL/TLS) with a very large prime number, the phpseclib library will try to check if that number is prime (using isPrime). This check is computationally heavy, and with an extremely large number, it can overload the server’s CPU.
- The end result: Denial of Service (DoS). The app keeps working hard and slows down or even stops responding to legitimate users.

How Was This Introduced?

This flaw was unintentionally created as part of an earlier fix for CVE-2023-27560. That patch added stricter certificate parsing, but also led to the vulnerable primality check.

- All projects using phpseclib v1.x below 1.0.23, v2.x below 2.0.47, or v3.x below 3.0.36.

- Especially those where end-users or external parties can submit X.509 certificates for validation. This might be on custom authentication systems, file uploads, or APIs performing certificate checks.

How Does the Exploit Work?

The attacker creates a certificate with an RSA public key containing a huge prime number. When the vulnerable version of phpseclib parses this certificate, it calls its isPrime() function on the large number, consuming excessive CPU and eventually stalling or “freezing” your web server.

Example Code Scenario

Here’s a simplified PHP snippet (for illustration only) showing how certificate parsing might work with phpseclib (vulnerable version):

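require __DIR__ . '/vendor/autoload.php'; // Composer autoloader

use phpseclib3\File\X509;

// Suppose $userCert is an uploaded cert (PEM or DER)
$cert = new X509();
// loadX509() returns the parsed certificate as an array, or false on failure
$certDetails = $cert->loadX509($userCert);
if ($certDetails === false) {
    die('Invalid certificate');
}
// ... further processing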

In a vulnerable version, a malicious $userCert with a massive prime can trigger prolonged CPU usage.

What Would a Malformed Certificate Look Like?

Creating a real malicious cert requires some cryptographic tooling, but here’s pseudocode for the attack logic:

$largePrime = new BigInteger(str_repeat('F', 100000), 16);
$rsa = new RSA();
$rsa->setPublicKey($largePrime, 65537); // e and n, intentionally bad

$malCert = createFakeCertificate($rsa);
// Submit $malCert to target application using vulnerable phpseclib

(_Note: This won’t work with patched versions._)

composer update phpseclib/phpseclib

Or specify the version:

composer require "phpseclib/phpseclib:^3.0.36"

Official Patches & Resources

- phpseclib 1.0.23 Release Notes
- phpseclib 2.0.47 Release Notes
- phpseclib 3.0.36 Release Notes
- NVD Entry: CVE-2024-27354

- Rate-limiting endpoints handling certificates.

- Input validation for certificate size/format before parsing.
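
One way to implement the pre-parse input validation listed above, as an added example that is not phpseclib code or part of the original article: it walks the certificate's DER structure with no big-number arithmetic and rejects input that is too large, malformed, or carries an oversized INTEGER or BIT STRING. The function names and both limits are assumptions, and the check complements the upgrade rather than replacing it.

```php
<?php
// Added example, not phpseclib code. Both limits are assumptions; tune them for your PKI.
const MAX_CERT_BYTES = 16384; // whole DER certificate
const MAX_NUM_BYTES  = 1100;  // any INTEGER or BIT STRING (room for an 8192-bit RSA key)

/** Return DER bytes for PEM or DER input, or null if the PEM body is not valid base64. */
function certToDer(string $in): ?string {
    if (!preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $in, $m)) {
        return $in; // no PEM armor: treat as raw DER
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    return $der === false ? null : $der;
}

/** Walk DER TLVs; return the longest INTEGER/BIT STRING length, or -1 if malformed. */
function maxNumericLen(string $der): int {
    [$max, $pos, $end] = [0, 0, strlen($der)];
    while ($pos < $end) {
        if ($end - $pos < 2) return -1;                  // truncated header
        $tag = ord($der[$pos++]);
        $len = ord($der[$pos++]);
        if (($tag & 0x1f) === 0x1f) return -1;           // multi-byte tags: not used in X.509
        if ($len & 0x80) {                               // long-form length
            $n = $len & 0x7f;
            if ($n === 0 || $n > 3 || $n > $end - $pos) return -1; // indefinite or absurd
            for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($der[$pos++]);
        }
        if ($len > $end - $pos) return -1;               // value runs past the buffer
        if ($tag === 0x02 || $tag === 0x03) {            // INTEGER or BIT STRING
            $max = max($max, $len);
        } elseif ($tag & 0x20) {                         // constructed type: descend
            $inner = maxNumericLen(substr($der, $pos, $len));
            if ($inner < 0) return -1;
            $max = max($max, $inner);
        }
        $pos += $len;
    }
    return $max;
}

/** True when the input is small, well-formed DER with no oversized numeric field. */
function certPassesPreParseLimits(string $input): bool {
    $der = certToDer($input);
    if ($der === null || $der === '' || strlen($der) > MAX_CERT_BYTES) return false;
    $n = maxNumericLen($der);
    return $n >= 0 && $n <= MAX_NUM_BYTES;
}
```

Call certPassesPreParseLimits($userCert) and reject the upload when it returns false, so that $cert->loadX509($userCert) only ever sees input that passed the limits.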

Conclusion

CVE-2024-27354 is a simple, devastating DoS caused by a "fix gone wrong". It highlights how subtle changes in cryptography libraries can create new risks. Any project using phpseclib for certificate parsing must update immediately to the safe version.

Stay safe, patch regularly, and always verify user input—even when it seems harmless.

Timeline

Published on: 03/01/2024 23:15:08 UTC
Last modified on: 08/01/2024 13:48:23 UTC