CVE-2023-52892

NameCVE-2023-52892
DescriptionIn phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-phpseclib (PTS)stretch (lts), stretch2.0.30-2~deb9u1vulnerable
buster (security), buster, buster (lts)2.0.30-2~deb10u3vulnerable
bullseye2.0.30-2+deb11u2vulnerable
bullseye (security)2.0.30-2+deb11u1vulnerable
bookworm2.0.42-1+deb12u2vulnerable
bookworm (security)2.0.42-1+deb12u1vulnerable
sid, trixie2.0.47-3fixed
php-phpseclib3 (PTS)bookworm3.0.19-1+deb12u3vulnerable
bookworm (security)3.0.19-1+deb12u2vulnerable
sid, trixie3.0.42-1fixed
phpseclib (PTS)jessie0.3.8-1vulnerable
stretch (lts), stretch1.0.19-1~deb9u2vulnerable
buster (security), buster, buster (lts)1.0.19-3~deb10u3vulnerable
bullseye1.0.19-3+deb11u2vulnerable
bullseye (security)1.0.19-3+deb11u1vulnerable
bookworm1.0.20-1+deb12u2vulnerable
bookworm (security)1.0.20-1+deb12u1vulnerable
sid, trixie1.0.23-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-phpseclibsource(unstable)2.0.46-1
php-phpseclib3source(unstable)3.0.33-1
phpseclibsourcejessie(unfixed)end-of-life
phpseclibsource(unstable)1.0.22-1

Notes

[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bookworm] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627 (1.0.22, 2.0.46, 3.0.33)
https://github.com/phpseclib/phpseclib/issues/1943
[buster] - php-phpseclib <postponed> (Minor issue; can be fixed in next update)
[stretch] - php-phpseclib <postponed> (Minor issue; can be fixed in next update)
[buster] - phpseclib <postponed> (Minor issue; can be fixed in next update)
[stretch] - phpseclib <postponed> (Minor issue; can be fixed in next update)

Search for package or bug name: Reporting problems