← Back

CVE-2013-4238

nvd nist
Published: Aug 18, 2013Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected (37)

Canonical
1 product
Ubuntu Linux
Python
1 product
Python
Opensuse
1 product
Opensuse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 10.04
Configuration B
33 vulnerable
Vulnerable SoftwareAffected Versions
Python
Python
Version 2.6.1
Python
Version 2.6.2150
Python
Version 2.6.2
Python
Version 2.6.3
Python
Version 2.6.4
Python
Version 2.6.5
Python
Version 2.6.6150
Python
Version 2.6.6
Python
Version 2.6.7
Python
Version 2.6.8
Python
Version 2.7.1150
Python
Version 2.7.1150
Python
Version 2.7.1
Python
Version 2.7.1 rc1
Python
Version 2.7.2150
Python
Version 2.7.2 rc1
Python
Version 2.7.3
Python
Version 3.0.1
Python
Version 3.0
Python
Version 3.1.1
Python
Version 3.1.2150
Python
Version 3.1.2
Python
Version 3.1.3
Python
Version 3.1.4
Python
Version 3.1.5
Python
Version 3.1
Python
Version 3.2.2150
Python
Version 3.2.3
Python
Version 3.2
Python
Version 3.2 alpha
Python
Version 3.3
Python
Version 3.3 beta2
Python
Version 3.4 alpha1
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.4
Opensuse
Version 12.2
Opensuse
Version 12.3

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (30)

Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.