Home

CVE-2013-2099

Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.238

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update cloud-init-0.7.5-1.el6.i686.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update cloud-init-0.7.5-1.el6.x86_64.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-backports-1.0-3.el6.i686.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-backports-1.0-3.el6.x86_64.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-boto-2.25.0-2.el6.noarch.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-jsonpatch-1.2-2.el6.noarch.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-jsonpointer-1.0-2.el6.noarch.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-six-1.6.1-1.el6.noarch.rpmLinux
(RHSA-2015:0042) Low: cloud-init security, bug fix, and enhancement update python-urllib3-1.5-5.1.2.el6.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234