CVE-2023-52892

Published: Jun 27, 2024

Modified: Aug 21, 2024

PUBLISHED

Description

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/phpseclib/phpseclib/issues/1943

https://github.com/phpseclib/phpseclib/releases/tag/3.0.33

https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627

https://github.com/x509-name-testing/name_testing_artifacts

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52892

Description

Affected Products

References