Unrated severityNVD Advisory· Published Oct 9, 2013· Updated Jun 16, 2026
CVE-2013-2099
CVE-2013-2099
Description
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
- (no CPE)range: 3.2.x, 3.3.x, and earlier
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- bugs.python.org/issue17980nvdPatch
- secunia.com/advisories/55107nvdVendor Advisory
- secunia.com/advisories/55116nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2014-1690.htmlnvd
- www.openwall.com/lists/oss-security/2013/05/16/6nvd
- www.ubuntu.com/usn/USN-1983-1nvd
- www.ubuntu.com/usn/USN-1984-1nvd
- www.ubuntu.com/usn/USN-1985-1nvd
- access.redhat.com/errata/RHSA-2016:1166nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.