CVE-2023-52892 - Vulnerability Details - OpenCVE

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00135.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpseclib	Phpseclib

Configuration 1 [-]

OR	cpe:2.3:a:phpseclib:phpseclib::::::::
	cpe:2.3:a:phpseclib:phpseclib::::::::
	cpe:2.3:a:phpseclib:phpseclib::::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Phpseclib	Phpseclib

Advisories

Source	ID	Title
Github GHSA	GHSA-ff7q-6vwh-v9m4	Name confusion in x509 Subject Alternative Name fields
Ubuntu USN	USN-7404-1	phpseclib vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
https://github.com/phpseclib/phpseclib/issues/1943
https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
https://github.com/x509-name-testing/name_testing_artifacts

History

Wed, 22 Oct 2025 20:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:phpseclib:phpseclib::::::::

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00154}`	epss `{'score': 0.00125}`

Wed, 21 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-436
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-27T00:00:00

Updated: 2024-08-21T20:02:23.834Z

Reserved: 2024-06-27T00:00:00

Link: CVE-2023-52892

Vulnrichment

Updated: 2024-08-02T23:18:41.296Z

NVD

Status : Analyzed

Published: 2024-06-27T22:15:10.277

Modified: 2025-10-22T20:40:45.620

Link: CVE-2023-52892

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:44:30Z

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-52892", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-21T20:02:23.834Z", "dateReserved": "2024-06-27T00:00:00", "datePublished": "2024-06-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-27T21:31:34.635141"}, "descriptions": [{"lang": "en", "value": "In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/phpseclib/phpseclib/issues/1943"}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"}, {"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"}, {"url": "https://github.com/x509-name-testing/name_testing_artifacts"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.296Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/phpseclib/phpseclib/issues/1943", "tags": ["x_transferred"]}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33", "tags": ["x_transferred"]}, {"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627", "tags": ["x_transferred"]}, {"url": "https://github.com/x509-name-testing/name_testing_artifacts", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-436", "lang": "en", "description": "CWE-436 Interpretation Conflict"}]}], "affected": [{"vendor": "phpseclib", "product": "phpseclib", "cpes": ["cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.22", "versionType": "custom"}, {"version": "2.0", "status": "affected", "lessThan": "2.0.46", "versionType": "custom"}, {"version": "3.0", "status": "affected", "lessThan": "3.0.33", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T19:54:11.710267Z", "id": "CVE-2023-52892", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T20:02:23.834Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/phpseclib/phpseclib/issues/1943", "tags": ["x_transferred"]}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33", "tags": ["x_transferred"]}, {"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627", "tags": ["x_transferred"]}, {"url": "https://github.com/x509-name-testing/name_testing_artifacts", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.296Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52892", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-21T19:54:11.710267Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"], "vendor": "phpseclib", "product": "phpseclib", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.22", "versionType": "custom"}, {"status": "affected", "version": "2.0", "lessThan": "2.0.46", "versionType": "custom"}, {"status": "affected", "version": "3.0", "lessThan": "3.0.33", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T19:58:13.901Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/phpseclib/phpseclib/issues/1943"}, {"url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"}, {"url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"}, {"url": "https://github.com/x509-name-testing/name_testing_artifacts"}], "descriptions": [{"lang": "en", "value": "In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-27T21:31:34.635141"}}}, "cveMetadata": {"cveId": "CVE-2023-52892", "state": "PUBLISHED", "dateUpdated": "2024-08-21T20:02:23.834Z", "dateReserved": "2024-06-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC278869-68C8-4B15-9ADE-0B22DCDD2E91", "versionEndExcluding": "1.0.22", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3497E33-6207-4B0D-9E11-71C90048695C", "versionEndExcluding": "2.0.46", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3C5942-8313-4EC1-9333-490EA25E26B2", "versionEndExcluding": "3.0.33", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification."}, {"lang": "es", "value": "En phpseclib anterior a 1.0.22, 2.x anterior a 2.0.46 y 3.x anterior a 3.0.33, se permite incorrectamente que algunos caracteres en los campos Nombre alternativo del sujeto en los certificados TLS tengan un significado especial en expresiones regulares (como + comod\u00edn), lo que genera confusi\u00f3n de nombres en la verificaci\u00f3n del host de certificados X.509."}], "id": "CVE-2023-52892", "lastModified": "2025-10-22T20:40:45.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-27T22:15:10.277", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/phpseclib/phpseclib/issues/1943"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/x509-name-testing/name_testing_artifacts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/phpseclib/phpseclib/issues/1943"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://github.com/x509-name-testing/name_testing_artifacts"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}