DEBIAN-CVE-2023-52892

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-52892

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-52892.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-52892

Upstream

CVE-2023-52892

Published

2024-06-27T22:15:10Z

Modified

2025-10-14T04:26:22.943340Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

References

https://security-tracker.debian.org/tracker/CVE-2023-52892

Affected packages

Debian:11

php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/debian/php-phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.30-2

2.0.30-2+deb11u1

2.0.30-2+deb11u2

2.0.31-1

2.0.32-1

2.0.33-1

2.0.34-1

2.0.35-1

2.0.36-1

2.0.37-1

2.0.38-1

2.0.38-2

2.0.38-3

2.0.38-4

2.0.39-1

2.0.40-1

2.0.41-1

2.0.42-1

2.0.44-1

2.0.45-1

2.0.46-1

2.0.47-1

2.0.47-2

2.0.47-3

2.0.48-1

2.0.48-2

2.0.48-3

2.0.49-1

3.*

3.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpseclib

Package

Name: phpseclib
Purl: pkg:deb/debian/phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.19-3

1.0.19-3+deb11u1

1.0.19-3+deb11u2

1.0.20-1

1.0.21-1

1.0.21-2

1.0.22-1

1.0.23-1

1.0.23-2

1.0.23-3

1.0.23-4

1.0.23-5

1.0.23-6

1.0.24-1

2.*

2.0.0-1

2.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/debian/php-phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.42-1

2.0.42-1+deb12u1

2.0.42-1+deb12u2

2.0.44-1

2.0.45-1

2.0.46-1

2.0.47-1

2.0.47-2

2.0.47-3

2.0.48-1

2.0.48-2

2.0.48-3

2.0.49-1

3.*

3.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

php-phpseclib3

Package

Name: php-phpseclib3
Purl: pkg:deb/debian/php-phpseclib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.19-1

3.0.19-1+deb12u1

3.0.19-1+deb12u2

3.0.19-1+deb12u3

3.0.20-1

3.0.21-1

3.0.21-2

3.0.22-1

3.0.23-1

3.0.33-1

3.0.34-1

3.0.35-1

3.0.36-1

3.0.37-1

3.0.38-1

3.0.39-1

3.0.41-1

3.0.42-1

3.0.43-1

3.0.43-2

3.0.44-1

3.0.44-2

3.0.45-1

3.0.46-1

3.0.46-2

3.0.47-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpseclib

Package

Name: phpseclib
Purl: pkg:deb/debian/phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20-1

1.0.20-1+deb12u1

1.0.20-1+deb12u2

1.0.21-1

1.0.21-2

1.0.22-1

1.0.23-1

1.0.23-2

1.0.23-3

1.0.23-4

1.0.23-5

1.0.23-6

1.0.24-1

2.*

2.0.0-1

2.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/debian/php-phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

php-phpseclib3

Package

Name: php-phpseclib3
Purl: pkg:deb/debian/php-phpseclib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpseclib

Package

Name: phpseclib
Purl: pkg:deb/debian/phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/debian/php-phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

php-phpseclib3

Package

Name: php-phpseclib3
Purl: pkg:deb/debian/php-phpseclib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpseclib

Package

Name: phpseclib
Purl: pkg:deb/debian/phpseclib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}