CVE-2023-52892

Publication date 27 June 2024

Last updated 24 July 2024


Ubuntu priority

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Status

Package Ubuntu Release Status
php-phpseclib 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
php-phpseclib3 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Not in release
phpseclib 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation