The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority
Reporter | Title | Published | Views | Family All 32 |
---|---|---|---|---|
![]() | Hostname Check Bypassing | 9 Jan 201705:19 | – | veracode |
![]() | CVE-2013-4314 | 30 Sep 201321:55 | – | osv |
![]() | DSA-2763-1 pyopenssl - hostname check bypassing | 24 Sep 201300:00 | – | osv |
![]() | OPENSUSE-SU-2024:11253-1 python36-pyOpenSSL-20.0.1-1.4 on GA media | 15 Jun 202400:00 | – | osv |
![]() | OPENSUSE-SU-2024:10214-1 python-pyOpenSSL-16.2.0-1.3 on GA media | 15 Jun 202400:00 | – | osv |
![]() | PYSEC-2013-31 | 30 Sep 201321:55 | – | osv |
![]() | GHSA-6748-36QP-FX6R PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name | 17 May 202204:56 | – | osv |
![]() | OPENSUSE-SU-2024:14154-1 python310-pyOpenSSL-24.1.0-1.2 on GA media | 12 Jul 202400:00 | – | osv |
![]() | MGASA-2013-0277 Updated python-OpenSSL package fixes security vulnerability | 13 Sep 201320:16 | – | osv |
![]() | SUSE-FU-2022:0444-1 Feature update for venv-salt-minion | 16 Feb 202215:20 | – | osv |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo