CVE-2023-52892

N/A

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

N/A

N/A

phpseclib 安全漏洞

phpseclib是phpseclib开源的一个 PHP 安全通信库。 phpseclib 1.0.22 之前、2.0.46 之前、3.0.33 之前版本存在安全漏洞，该漏洞源于TLS 证书中 Subject Alternative Name 字段中的某些字符允许在正则表达式中具有特殊含义，从而导致 X.509 证书主机验证中的名称混淆。

N/A

N/A