Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Minor - P4
Fix Version/s: 2.6
Affects Version/s: 2.5, 2.5.1
Component/s: None
Labels:
- python
- security
- ssl
- vulnerability

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

A vulnerability in _dnsname_to_pat() in ssl_match_hostname.py allows attackers to cause a Denial of Service by submitting a certificate name that contains many asterisk '*' characters.

Pymongo embeds a copy of such file.
More details below:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709487
http://bugs.python.org/issue17980
https://bugzilla.redhat.com/show_bug.cgi?id=963186

Thanks!

Assignee:: Bernie Hackett
Reporter:: Federico Ceratto
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: May 24 2013 06:59:54 PM UTC
Updated:: Aug 19 2013 08:17:42 PM UTC
Resolved:: May 25 2013 12:13:19 AM UTC

Details

Description

Attachments

Forms

Activity

People

Dates