Products
phpseclib
- before 1.0.22
- 2.x before 2.0.46
- 3.x before 3.0.33
Source
cve@mitre.org
Tags
CVE-2023-52892 details
Published : June 27, 2024, 10:15 p.m.
Last Modified : June 27, 2024, 10:15 p.m.
Last Modified : June 27, 2024, 10:15 p.m.
Description
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627 | cve@mitre.org |
| https://github.com/phpseclib/phpseclib/issues/1943 | cve@mitre.org |
| https://github.com/phpseclib/phpseclib/releases/tag/3.0.33 | cve@mitre.org |
| https://github.com/x509-name-testing/name_testing_artifacts | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.