Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-522

Denial of Service vulnerability in ssl_match_hostname.py

XMLWordPrintableJSON

      A vulnerability in _dnsname_to_pat() in ssl_match_hostname.py allows attackers to cause a Denial of Service by submitting a certificate name that contains many asterisk '*' characters.

      Pymongo embeds a copy of such file.
      More details below:

      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709487
      http://bugs.python.org/issue17980
      https://bugzilla.redhat.com/show_bug.cgi?id=963186

      Thanks!

            Assignee:
            bernie@mongodb.com Bernie Hackett
            Reporter:
            federico2 Federico Ceratto
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: