7.5

CVE-2023-52892

EPSS 0.14%
Published 27.06.2024 22:15:10
Last modified 21.11.2024 08:40:48
Source cve@mitre.org
Teams watchlist Login
Open Login

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorphpseclib

≫

Product phpseclib

Default Statusunknown

Version < 1.0.22

Version 0

Status affected

Version < 2.0.46

Version 2.0

Status affected

Version < 3.0.33

Version 3.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.339

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-436 Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627

https://github.com/phpseclib/phpseclib/issues/1943

https://github.com/phpseclib/phpseclib/releases/tag/3.0.33

https://github.com/x509-name-testing/name_testing_artifacts

https://nvd.nist.gov/vuln/detail/CVE-2023-52892

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52892

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52892

EUVD