Description
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)
MySQL CVE-2015-4904 Vulnerability (CVE-2015-4904)
PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)
Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)