Description
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.
Report
This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the SSL module there did not implement the match_hostname() routine yet.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | python | Not affected | | |
Red Hat Enterprise Linux 6 | bzr | Not affected | | |
Red Hat Enterprise Linux 6 | python | Not affected | | |
Red Hat Enterprise Linux 7 | bzr | Will not fix | | |
Red Hat Enterprise Linux 7 | python | Not affected | | |
Red Hat Enterprise Linux 7 | python-tornado | Not affected | | |
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-backports-ssl_match_hostname | Not affected | | |
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-pymongo | Affected | | |
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-pymongo | Affected | | |
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-pymongo | Affected | | |
Additional information
Status:
EPSS
2.6 Low
CVSS2