Insecure Regular Expressions in TLS Certificates Could Lead to Name Confusion
CVE-2023-52892

7.5HIGH

Key Information:

Vendor: phpseclib
Status: phpseclib
Vendor: CVE Published:; 27 June 2024

What is CVE-2023-52892?

In affected versions of phpseclib, improperly handled characters in the Subject Alternative Name fields of TLS certificates can cause special characters, such as wildcards, to be misinterpreted. This flaw may lead to confusion during host verification, potentially allowing for identity spoofing. It is crucial for developers to update to patched versions to mitigate these risks and ensure proper validation of TLS certificates.

References

https://github.com/phpseclib/phpseclib/issues/1943

https://github.com/phpseclib/phpseclib/releases/tag/3.0.33

https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024
Vulnerability Reserved
Jun 27, 2024

CVE-2023-52892 Data

JSON