Ubuntu.comUB:CVE-2023-52892CVE-2023-52892
6.8 Medium
AI Score
Confidence
Low
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some
characters in Subject Alternative Name fields in TLS certificates are
incorrectly allowed to have a special meaning in regular expressions (such
as a + wildcard), leading to name confusion in X.509 certificate host
verification.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | php-phpseclib | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | php-phpseclib | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | php-phpseclib | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | php-phpseclib | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | php-phpseclib | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | php-phpseclib3 | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | php-phpseclib3 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | phpseclib | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | phpseclib | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | phpseclib | < any | UNKNOWN |
References
github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627 (1.0.22, 2.0.46, 3.0.33)
github.com/phpseclib/phpseclib/issues/1943
github.com/phpseclib/phpseclib/releases/tag/3.0.33
github.com/x509-name-testing/name_testing_artifacts
launchpad.net/bugs/cve/CVE-2023-52892
nvd.nist.gov/vuln/detail/CVE-2023-52892
security-tracker.debian.org/tracker/CVE-2023-52892
www.cve.org/CVERecord?id=CVE-2023-52892
Related
