Lucene search
GitHub Advisory DatabaseGHSA-FF7Q-6VWH-V9M4HistoryJun 28, 2024 - 12:33 a.m.
Name confusion in x509 Subject Alternative Name fields
2024-06-2800:33:31
CWE-436
GitHub Advisory Database
github.com
1
phpseclib
x509
tls certificates
regular expressions
name confusion
host verification
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
Affected configurations
Node
phpseclibphpseclibRange<3.0.33
ORphpseclibphpseclibRange<2.0.46
ORphpseclibphpseclibRange<1.0.22
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpseclib/phpseclib | lt | 3.0.33 | |
| phpseclib/phpseclib | lt | 2.0.46 | |
| phpseclib/phpseclib | lt | 1.0.22 |
References
github.com/advisories/GHSA-ff7q-6vwh-v9m4
github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
github.com/phpseclib/phpseclib/issues/1943
github.com/phpseclib/phpseclib/releases/tag/3.0.33
github.com/x509-name-testing/name_testing_artifacts
nvd.nist.gov/vuln/detail/CVE-2023-52892
Related
debiancve
debiancve
CVE-2023-52892
2024-06-27 22:15:10
osv
osv
Name confusion in x509 Subject Alternative Name fields
2024-06-28 00:33:31
CVE-2023-52892
2024-06-27 22:15:10
nvd
nvd
CVE-2023-52892
2024-06-27 22:15:10
cvelist
cvelist
CVE-2023-52892
2024-06-27 00:00:00
cve
cve
CVE-2023-52892
2024-06-27 22:15:10