CVE-2023-52892

Publication date 27 June 2024

Last updated 2 April 2025

Ubuntu priority

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php-phpseclib	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Fixed 2.0.36-1ubuntu0.1~esm2 Ubuntu Pro
	20.04 LTS focal	Fixed 2.0.23-2ubuntu0.1~esm2 Ubuntu Pro
	18.04 LTS bionic	Fixed 2.0.9-1ubuntu0.1~esm2 Ubuntu Pro
	16.04 LTS xenial	Fixed 2.0.1-1ubuntu0.1~esm2 Ubuntu Pro
php-phpseclib3	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Fixed 3.0.13-1ubuntu0.1~esm1 Ubuntu Pro
	20.04 LTS focal	Not in release
phpseclib	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Fixed 1.0.20-1ubuntu0.1~esm1 Ubuntu Pro
	20.04 LTS focal	Fixed 1.0.18-2ubuntu0.1~esm1 Ubuntu Pro
	18.04 LTS bionic	Fixed 1.0.9-1ubuntu0.1~esm1 Ubuntu Pro
	16.04 LTS xenial	Fixed 1.0.1-3ubuntu0.1+esm1 Ubuntu Pro

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

CVE-2023-52892

Status

Get expanded security coverage with Ubuntu Pro

References

Related Ubuntu Security Notices (USN)

Other references