VYPR
High severityNVD Advisory· Published Jun 27, 2024· Updated Aug 21, 2024

CVE-2023-52892

CVE-2023-52892

Description

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpseclib/phpseclibPackagist
< 1.0.221.0.22
phpseclib/phpseclibPackagist
>= 2.0.0, < 2.0.462.0.46
phpseclib/phpseclibPackagist
>= 3.0.0, < 3.0.333.0.33

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.