CVE-2013-2099

2013-10-0914:53:00

CWE-399

[email protected]

web.nvd.nist.gov

122

cve-2013-2099

ssl

python 3.x

denial of service

algorithmic complexity vulnerability

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

CPENameOperatorVersion
python:pythonpythoneq3.3.2
python:pythonpythoneq3.2.2
python:pythonpythoneq3.2.5
python:pythonpythoneq3.2.1
python:pythonpythoneq3.2.0
python:pythonpythoneq3.3.1
python:pythonpythoneq3.2.3
python:pythonpythoneq3.3.0
python:pythonpythoneq3.2.4
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.04

CPE	Name	Operator	Version
python:python	python	eq	3.3.2
python:python	python	eq	3.2.2
python:python	python	eq	3.2.5
python:python	python	eq	3.2.1
python:python	python	eq	3.2.0
python:python	python	eq	3.3.1
python:python	python	eq	3.2.3
python:python	python	eq	3.3.0
python:python	python	eq	3.2.4
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.04