CVE-2024-27355: Uncovering and Exploiting the Denial of Service Vulnerability in phpseclib

CVE-2024-27355 is a vulnerability that affects various versions of the phpseclib library. The vulnerability could potentially lead to a Denial of Service (DoS) attack by causing excessive CPU consumption during the decoding process of ASN.1 object identifiers in certificates. This type of vulnerability can be extremely detrimental to a server's performance.

This post aims to provide a complete overview of CVE-2024-27355, including details about the vulnerability, the affected versions of phpseclib, code snippets, and original references. The post will also delve into the potential exploit details relating to this vulnerability.

Affected Versions

CVE-2024-27355 specifically impacts phpseclib versions 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. These versions are susceptible to DoS attacks due to the ASN.1 object identifier processing issue.

Code Snippet - Vulnerable Code

The vulnerability lies in the decoding process of ASN.1 object identifiers, particularly in the decodeOID() method. Here is a brief example of what the vulnerable code might look like:

// decodeOID.php

function decodeOID($encoded_oid) {
    $decoded_oid = "";
    $first = true;
    
    // Excessive CPU consumption occurs in the following loop
    for ($i = 0; $i < strlen($encoded_oid); $i++) {
        $part = ord($encoded_oid[$i]);
        if ($first) {
            $decoded_oid = floor($part / 40) . "." . ($part % 40);
            $first = false;
        } else {
            // Vulnerability triggered in the following loop
            while ($part & 0x80) {
                $part = ord($encoded_oid[++$i]);
            }
            $decoded_oid .= ".$part";
        }
    }
    
    return $decoded_oid;
}

Original References

For further reading on the CVE-2024-27355 vulnerability, please refer to the following original references:
1. CVE-2024-27355 Advisory
2. phpseclib Repository and Changelog

Exploit Details

An attacker could exploit this vulnerability by crafting a certificate containing a malicious ASN.1 object identifier with a specific sub identifier that would trigger the vulnerability. This crafted certificate could then be sent to the target server, causing the server to consume excessive CPU resources while attempting to decode the malicious certificate. As a result, the server could become unresponsive and eventually crash.

To mitigate this vulnerability, it is essential to update the affected versions of phpseclib to the latest versions (1.0.23, 2.0.47, or 3.0.36, as appropriate).
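
To confirm which projects still need the update, the following added example (not code from phpseclib or from the original post) reads a Composer lock file and classifies each phpseclib entry against the fixed versions listed above. The sample lock content is constructed, and the function names are hypothetical.

```python
import json
import re

# First fixed release per major branch, as listed in this post.
FIXED = {1: (1, 0, 23), 2: (2, 0, 47), 3: (3, 0, 36)}

# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpseclib/phpseclib", "version": "3.0.35"},
        {"name": "monolog/monolog", "version": "3.5.0"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "10.5.0"},
    ],
})


def parse_version(text):
    """Return (major, minor, patch), or None for refs such as dev-master."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one phpseclib version."""
    version = parse_version(version_text)
    if version is None or version[0] not in FIXED:
        return "unknown"  # format or branch not covered by the listed ranges
    return "vulnerable" if version < FIXED[version[0]] else "fixed"


def audit_lock(lock_text):
    """List (section, version, status) for every phpseclib entry in a lock file."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() == "phpseclib/phpseclib":
                ver = pkg.get("version", "")
                findings.append((section, ver, classify(ver)))
    return findings


if __name__ == "__main__":
    for section, ver, status in audit_lock(SAMPLE_LOCK):
        print(f"{section}: phpseclib {ver} -> {status}")
```

Entries reported as unknown (branch aliases, pre-release tags) need a manual check of the resolved commit.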

Conclusion

CVE-2024-27355 is a critical vulnerability that can lead to DoS attacks and severely impact the performance of affected servers. It is crucial to be aware of this vulnerability and take appropriate measures to update phpseclib to prevent potential exploitation. This post provided a detailed overview of CVE-2024-27355, including an explanation of the vulnerable code, original references, and exploit details.

Timeline

Published on: 03/01/2024 23:15:08 UTC
Last modified on: 08/13/2024 14:35:13 UTC