CVE-2024-27355: n/a
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
AI Analysis
Technical Summary
CVE-2024-27355 is a vulnerability identified in the phpseclib library, versions 1.x prior to 1.0.23, 2.x prior to 2.0.47, and 3.x prior to 3.0.36. Phpseclib is a widely used pure PHP implementation of various cryptographic algorithms and protocols, often employed in web applications for secure communications and certificate handling. The vulnerability resides in the ASN.1 object identifier (OID) processing logic, specifically within the decodeOID function. ASN.1 OIDs are sequences of sub identifiers used to uniquely identify objects such as cryptographic algorithms or certificate attributes. An attacker can craft a malicious certificate or ASN.1 structure containing a sub identifier that triggers excessive CPU consumption during the decoding process. This results in a denial of service (DoS) condition by exhausting server resources, effectively making the service unresponsive. The vulnerability does not require any privileges or user interaction and can be triggered remotely by supplying a maliciously crafted certificate or data to the vulnerable phpseclib instance. The CVSS v3.1 base score is 7.5, reflecting high severity due to the network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to availability (DoS) with no direct confidentiality or integrity compromise. No public exploit code or active exploitation has been reported yet, but the vulnerability poses a significant risk to any system relying on vulnerable phpseclib versions for certificate or cryptographic processing. Mitigation involves upgrading phpseclib to versions 1.0.23, 2.0.47, or 3.0.36 and later, where the decodeOID function has been hardened against such resource exhaustion attacks.
Potential Impact
The primary impact of CVE-2024-27355 is denial of service through resource exhaustion, specifically high CPU consumption during ASN.1 OID decoding. Organizations using vulnerable phpseclib versions in their web applications or services that process certificates may experience service outages or degraded performance when exposed to crafted malicious inputs. This can disrupt critical operations, especially in environments relying on automated certificate validation or cryptographic functions, such as secure communications, authentication, or data encryption workflows. The vulnerability does not compromise data confidentiality or integrity but can cause significant operational downtime and potential cascading failures in dependent systems. Attackers can exploit this remotely without authentication or user interaction, increasing the risk of widespread disruption. The absence of known exploits in the wild currently limits immediate impact, but the ease of exploitation and high severity score indicate a strong potential for future attacks. Organizations with high availability requirements, such as financial institutions, cloud service providers, and government agencies, are particularly at risk of operational impact.
Mitigation Recommendations
1. Immediately upgrade phpseclib to version 1.0.23, 2.0.47, 3.0.36, or later, where the vulnerability has been patched.
2. Implement input validation and filtering to detect and block malformed or suspicious ASN.1 data before processing.
3. Employ rate limiting and resource usage monitoring on services that handle certificate parsing to detect abnormal CPU spikes indicative of exploitation attempts.
4. Use web application firewalls (WAFs) with custom rules to identify and block malicious payloads targeting ASN.1 parsing.
5. Conduct regular security audits and code reviews of cryptographic libraries and their usage within applications.
6. Isolate cryptographic processing in sandboxed environments to limit the impact of potential DoS attacks.
7. Maintain up-to-date threat intelligence to respond quickly if exploit code becomes available.
8. Educate development and operations teams about the risks of processing untrusted certificate data and the importance of timely patching.
Affected Countries
United States, Germany, India, Brazil, Japan, United Kingdom, France, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-02-25T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d7bb7ef31ef0b576c30
Added to database: 2/25/2026, 9:45:31 PM
Last enriched: 2/26/2026, 11:01:02 AM
Last updated: 4/12/2026, 3:42:08 PM