Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Remediation

References

CVE-2013-2099

Related Vulnerabilities

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1315)

WordPress Plugin Simple SEO Cross-Site Scripting (1.7.91)

MySQL CVE-2014-0437 Vulnerability (CVE-2014-0437)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)

Severity

Medium

Classification

CVE-2013-2099

Tags

Missing Update Known Vulnerabilities