Fluid Attacks Database

Description

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.9-1	2.7.9-1
rpm rhel7	bzr	-	-
rpm rhel7	python-virtualenv	-	-

Aliases

1. CVE-2013-74402. NVD-2013-74403. OSV-DEBIAN-2013-74404. OSV-2013-74405. SECURITY-TRACKER-CVE-2013-7440

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.