  1. Python Driver
  2. PYTHON-522

Denial of Service vulnerability in ssl_match_hostname.py


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 2.5, 2.5.1
    • Fix Version/s: 2.6
    • Component/s: None

      Description

      A vulnerability in _dnsname_to_pat() in ssl_match_hostname.py allows attackers to cause a Denial of Service by submitting a certificate name that contains many asterisk '*' characters.

      PyMongo embeds a copy of this file.
      More details below:

      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709487
      http://bugs.python.org/issue17980
      https://bugzilla.redhat.com/show_bug.cgi?id=963186

      Thanks!
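
The report above concerns how a certificate DNS name is turned into a regular expression. The following is an added example, not part of the original report and not PyMongo's or CPython's code: it shows the uncapped translation next to a variant that rejects names with too many wildcards before any regex is built. The function names, the `MAX_WILDCARDS` value, and the sample names are assumptions made for this illustration.

```python
import re

MAX_WILDCARDS = 1  # assumption: cap chosen for this example


class CertificateError(ValueError):
    """Raised when a certificate name is rejected outright."""


def uncapped_pattern(dn):
    """Pre-fix style translation: every '*' inside a label becomes '[^.]*'.

    With no limit on the number of '*', a label can turn into a long run of
    adjacent '[^.]*' groups, which is what makes matching expensive.
    """
    pats = []
    for frag in dn.split('.'):
        if frag == '*':
            # A label that is only '*' must match at least one character.
            pats.append('[^.]+')
        else:
            pats.append(re.escape(frag).replace(r'\*', '[^.]*'))
    return r'\A' + r'\.'.join(pats) + r'\Z'


def dnsname_to_pat(dn, max_wildcards=MAX_WILDCARDS):
    """Hardened variant: count wildcards first, build the regex second."""
    if dn.count('*') > max_wildcards:
        raise CertificateError(
            "too many wildcards in certificate DNS name: %r" % dn)
    return re.compile(uncapped_pattern(dn), re.IGNORECASE)


def hostname_matches(hostname, cert_dns_names):
    """True if any name matches; each name is checked against the cap
    before its regex is compiled or evaluated."""
    for dn in cert_dns_names:
        if dnsname_to_pat(dn).match(hostname):
            return True
    return False


if __name__ == '__main__':
    # Constructed sample names, not taken from a real certificate.
    print(hostname_matches('db1.example.com', ['*.example.com']))
    print(hostname_matches('db1.example.org', ['*.example.com']))
```
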

            People

            Assignee:
            behackett Bernie Hackett
            Reporter:
            federico2 Federico Ceratto