oss-sec mailing list archives

CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes


From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 13 Aug 2013 12:37:40 +1000

Good morning,

An issue similar to CVE-2013-4073[1] was found in Python:

https://bugs.mageia.org/show_bug.cgi?id=10989
http://bugs.python.org/issue18709

Could a CVE for the Python instance of this flaw please be assigned (if one has not already been assigned)?

Thanks.

[1] <http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/>

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4073>

--
Murray McAllister / Red Hat Security Response Team
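
The failure mode named in the subject line, as an added example that is not part of the original message or of Python's own code: a name check that reads a certificate name only up to its first NUL byte, beside one that rejects such a name. It assumes the mishandling takes the form of truncation at the NUL byte, as in the Ruby issue the message cites; the certificate dicts are constructed sample data in the shape returned by `ssl.SSLSocket.getpeercert()`, and all function names are hypothetical.

```python
# Added illustration: constructed data, hypothetical function names.
# Exact-name matching only; wildcard handling is out of scope here.

# Constructed samples in the shape of ssl.SSLSocket.getpeercert() output.
# NUL_CERT carries a dNSName with an embedded NUL byte.
NUL_CERT = {
    "subject": ((("commonName", "www.example.com\x00.other.example"),),),
    "subjectAltName": (("DNS", "www.example.com\x00.other.example"),),
}
CLEAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
}


def cert_names(cert):
    """Return all dNSName entries, falling back to commonName values."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names


def truncating_match(cert, hostname):
    """Weak check: models code that treats the name as a C string,
    so everything from the first NUL byte onward is silently dropped."""
    return any(n.split("\x00", 1)[0].lower() == hostname.lower()
               for n in cert_names(cert))


def strict_match(cert, hostname):
    """Hardened check: control characters are never valid in a DNS name,
    so their presence rejects the certificate instead of being ignored."""
    names = cert_names(cert)
    for n in names:
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in n):
            raise ValueError("control character in certificate name: %r" % n)
    return any(n.lower() == hostname.lower() for n in names)
```

The weak check accepts `NUL_CERT` for `www.example.com` even though the certificate was issued for a different, longer name; the strict check raises instead of comparing.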

