CVE-2013-2099

Published: 09/10/2013 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and previous versions, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote malicious users to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Vulnerable Product

python python 3.3.2

python python 3.2.2

python python 3.2.5

python python 3.2.1

python python 3.2.0

python python 3.3.1

python python 3.2.3

python python 3.3.0

python python 3.2.4

canonical ubuntu linux 13.04

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Synopsis Low: cloud-init security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rat ...
Debian Bug report logs - #708530 python3: CVE-2013-2099: ssl.match_hostname() trips over crafted wildcard Package: python33; Maintainer for python33 is (unknown); Reported by: Henri Salo <henri@nervfi> Date: Thu, 16 May 2013 13:04:55 UTC Severity: normal Tags: fixed-upstream, security Found in version python33/331-1 ...
Several security issues were fixed in Python ...
A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU ...