Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Remediation

References

CVE-2013-2099

Related Vulnerabilities

ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-28169)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9840)

Apache Tomcat Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4444)

Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130)

Severity

Medium

Classification

CVE-2013-2099

Tags

Missing Update Known Vulnerabilities