CVE-2023-52892

HIGH

Phpseclib < 1.0.22 - Interpretation Conflict

Title source: rule
STIX 2.1

Description

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

References (4)

Scores

CVSS v3 7.5
EPSS 0.0022
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-436
Status published
Products (2)
phpseclib/phpseclib 0 - 1.0.22Packagist
phpseclib/phpseclib 1.0.0 - 1.0.22
Published Jun 27, 2024
Tracked Since Feb 18, 2026