« List of all CVEs

CVE-2013-7440

Published: 6/7/2016 Last updated: 8/6/2024 Reserved: 5/19/2015

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (2)

Product Vendor Version
n/a n/a 17.3.3
n/a n/a 5.1.0

References (28)