High severityNVD Advisory· Published Jun 27, 2024· Updated Aug 21, 2024
CVE-2023-52892
CVE-2023-52892
Description
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpseclib/phpseclibPackagist | < 1.0.22 | 1.0.22 |
phpseclib/phpseclibPackagist | >= 2.0.0, < 2.0.46 | 2.0.46 |
phpseclib/phpseclibPackagist | >= 3.0.0, < 3.0.33 | 3.0.33 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.