CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

History

13 Feb 2023, 04:42

Type Values Removed Values Added
Summary A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:1690', 'name': 'https://access.redhat.com/errata/RHSA-2014:1690', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHBA-2016:1500', 'name': 'https://access.redhat.com/errata/RHBA-2016:1500', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2013-2099', 'name': 'https://access.redhat.com/security/cve/CVE-2013-2099', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:1263', 'name': 'https://access.redhat.com/errata/RHSA-2014:1263', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0042', 'name': 'https://access.redhat.com/errata/RHSA-2015:0042', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 18:17

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2014:1690 -
  • (MISC) https://access.redhat.com/errata/RHBA-2016:1500 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2013-2099 -
  • (MISC) https://access.redhat.com/errata/RHSA-2014:1263 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0042 -
Summary Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.

Information

Published : 2013-10-09 14:53

Updated : 2023-12-10 11:16


NVD link : CVE-2013-2099

Mitre link : CVE-2013-2099

CVE.ORG link : CVE-2013-2099


JSON object : View

Products Affected

canonical

  • ubuntu_linux

python

  • python
CWE
CWE-399

Resource Management Errors