CVE-2013-2099

Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Affected packages (6)

• Debian/bzrfrom 0, < 2.6.0~bzr6574-1
• Debian/bzrfrom 0, < 2.6.0~bzr6526-1+deb7u1
• Debian/linkcheckerfrom 0, < 8.5-1
• Debian/python2.7from 0, < 2.7.5-5
• Debian/python-tornadofrom 0, < 2.4.1-3
• Debian/python-urllib3from 0, < 1.6-2

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2099