Main Vulnerability Database Vulnerabilities #VU108060

#VU108060 Input validation error in phpseclib - CVE-2023-52892

Published: April 29, 2025

Vulnerability identifier: #VU108060

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-52892

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
phpseclib

Software vendor:
phpseclib

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling some characters in Subject Alternative Name fields in TLS certificates. These fields are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Remediation

Install updates from vendor's website.

External links

https://github.com/phpseclib/phpseclib/issues/1943
https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
https://github.com/x509-name-testing/name_testing_artifacts

#VU108060 Input validation error in phpseclib - CVE-2023-52892

Description

Remediation

External links

Please verify you're human