CVE-2013-2099 Information

Feb 14, 2021 cve

Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x 3.3.x and earlier and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Reference

http://bugs.python.org/issue17980 http://rhn.redhat.com/errata/RHSA-2014-1690.html http://secunia.com/advisories/55107 http://secunia.com/advisories/55116 http://www.openwall.com/lists/oss-security/2013/05/16/6 http://www.ubuntu.com/usn/USN-1983-1 http://www.ubuntu.com/usn/USN-1984-1 http://www.ubuntu.com/usn/USN-1985-1 https://access.redhat.com/errata/RHSA-2016:1166 https://bugzilla.redhat.com/show_bug.cgi?id=963260

Share on: