Design/Logic Flaw

2013-10-0914:53:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

92.9%

JSON

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

CPENameOperatorVersion
ubuntu_linuxeq13.04
ubuntu_linuxeq12.10
ubuntu_linuxeq12.4 lts
pythoneq3.3.2
pythoneq3.2.2
pythoneq3.2.5
pythoneq3.2.1
pythoneq3.2.0
pythoneq3.3.1
pythoneq3.2.3

Name	Operator	Version
ubuntu_linux	eq	13.04
ubuntu_linux	eq	12.10
ubuntu_linux	eq	12.4 lts
python	eq	3.3.2
python	eq	3.2.2
python	eq	3.2.5
python	eq	3.2.1
python	eq	3.2.0
python	eq	3.3.1
python	eq	3.2.3