CVE-2013-7440 — Python vulnerability

CWE-1917 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 41.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Python2.7 Python

Timeline

PublishedJun 7

Latest updateMay 17

Description

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/python2.7< python2.7 2.7.9-1 (bullseye)

▶NVDpython/python2.7.8+22

🔴Vulnerability Details

GHSA

GHSA-v6fx-m8cj-52v3: The ssl↗2022-05-17

▶

OSV

CVE-2013-7440: The ssl↗2016-06-07

▶

📋Vendor Advisories

Red Hat

python: wildcard matching rules do not follow RFC 6125↗2013-08-12

▶

Debian

CVE-2013-7440: python2.7 - The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x bef...↗2013

▶

💬Community

Bugzilla

CVE-2013-2099 CVE-2013-7440 python-pymongo: various flaws [fedora-all]↗2016-02-03

▶

Bugzilla

CVE-2013-2099 CVE-2013-7440 python-pymongo: various flaws [fedora-all]↗2016-02-03

▶

Bugzilla

CVE-2013-2099 CVE-2013-7440 python-pymongo: various flaws [fedora-all]↗2016-02-03

▶

Bugzilla

CVE-2013-7440 zeroinstall-injector: python: wildcard matching rules do not follow RFC 6125 [epel-6]↗2015-06-12

▶

Bugzilla

CVE-2013-2099 CVE-2013-7440 python-pymongo: various flaws [fedora-all]↗2015-06-12

▶