Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-52892

Опубликовано: 27 июн. 2024
Источник: debian
EPSS Низкий

Описание

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
phpseclibfixed1.0.22-1package
phpseclibno-dsabookwormpackage
phpseclibno-dsabullseyepackage
php-phpseclibfixed2.0.46-1package
php-phpseclibno-dsabookwormpackage
php-phpseclibno-dsabullseyepackage
php-phpseclib3fixed3.0.33-1package
php-phpseclib3no-dsabookwormpackage

Примечания

  • https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627 (1.0.22, 2.0.46, 3.0.33)

  • https://github.com/phpseclib/phpseclib/issues/1943

EPSS

Процентиль: 37%
0.00154
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-52892

CVSS3: 7.5
ubuntu
около 1 года назад

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

nvd логотип

CVE-2023-52892

CVSS3: 7.5
nvd
около 1 года назад

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

redos логотип

ROS-20240702-04

CVSS3: 7.5
redos
12 месяцев назад

Уязвимость php-phpseclib

github логотип

GHSA-ff7q-6vwh-v9m4

CVSS3: 7.5
github
около 1 года назад

Name confusion in x509 Subject Alternative Name fields

EPSS

Процентиль: 37%
0.00154
Низкий