Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-52892

June 27, 2024, 10:15 p.m.

Product(s) Impacted

phpseclib

  • before 1.0.22
  • 2.x before 2.0.46
  • 3.x before 3.0.33

Description

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Weaknesses

Date

Published: June 27, 2024, 10:15 p.m.

Last Modified: June 27, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References