Denial of Service vulnerability in ssl_match_hostname.py

XMLWordPrintableJSON

    • None
    • None
    • None
    • None
    • None
    • None
    • None

      A vulnerability in _dnsname_to_pat() in ssl_match_hostname.py allows attackers to cause a Denial of Service by submitting a certificate name that contains many asterisk '*' characters.

      Pymongo embeds a copy of such file.
      More details below:

      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709487
      http://bugs.python.org/issue17980
      https://bugzilla.redhat.com/show_bug.cgi?id=963186

      Thanks!

              Assignee:
              Bernie Hackett
              Reporter:
              Federico Ceratto
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: