Interpretation Conflict

CVE-2023-52892

High

8.7/10

Summary

In phpseclib/phpseclib prior to 1.0.22, 2.x prior to 2.0.46, and 3.x prior to 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

References

Advisory
Issue
Release Note

Advisory Timeline

Published Jun 27, 2024

Interpretation Conflict

CVE-2023-52892

Summary

CWE-436 - Interpretation Conflict

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS