4.3

CVE-2013-2099

EPSS 4.07%
Published 09.10.2013 14:53:20
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Python ≫ Python Version3.2.0

Python ≫ Python Version3.2.1

Python ≫ Python Version3.2.2

Python ≫ Python Version3.2.3

Python ≫ Python Version3.2.4

Python ≫ Python Version3.2.5

Python ≫ Python Version3.3.0

Python ≫ Python Version3.3.1

Python ≫ Python Version3.3.2

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.07%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://bugs.python.org/issue17980

Patch

http://rhn.redhat.com/errata/RHSA-2014-1690.html

http://secunia.com/advisories/55107

Vendor Advisory

http://secunia.com/advisories/55116

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/05/16/6

http://www.ubuntu.com/usn/USN-1983-1

http://www.ubuntu.com/usn/USN-1984-1

http://www.ubuntu.com/usn/USN-1985-1

https://access.redhat.com/errata/RHSA-2016:1166

https://bugzilla.redhat.com/show_bug.cgi?id=963260

https://nvd.nist.gov/vuln/detail/CVE-2013-2099

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2099

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2099

EUVD