CVE-2013-2099

EPSS 3.0%

bzr - security update

發布日:2013/10/9修改日:2026/4/28

描述

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

受影響套件(6)

Debian/bzrfrom 0, < 2.6.0~bzr6574-1
Debian/bzrfrom 0, < 2.6.0~bzr6526-1+deb7u1
Debian/linkcheckerfrom 0, < 8.5-1
Debian/python2.7from 0, < 2.7.5-5
Debian/python-tornadofrom 0, < 2.4.1-3
Debian/python-urllib3from 0, < 1.6-2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2099