In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| phpseclib/phpseclib(Packagist) | 0 | 1.0.22 | N/A |
| phpseclib/phpseclib(Packagist) | 2.0.0 | 2.0.46 | N/A |
| phpseclib/phpseclib(Packagist) | 3.0.0 | 3.0.33 | N/A |
CVSS Metrics
