Unrated severityNVD Advisory· Published Aug 18, 2013· Updated Jun 16, 2026
CVE-2013-4238
CVE-2013-4238
Description
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
66cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4:alpha1:*:*:*:*:*:*
- (no CPE)range: 2.6 - 3.4
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- osv-coords28 versionspkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python36&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python38&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python3-base&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python3&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1
< 3.10.0rc1-4.2+ 27 more
- (no CPE)range: < 3.10.0rc1-4.2
- (no CPE)range: < 3.11.0b1-1.1
- (no CPE)range: < 3.12.0a7-1.1
- (no CPE)range: < 3.13.0~b3-1.1
- (no CPE)range: < 3.14.0~a1-1.1
- (no CPE)range: < 3.15.0~a1-1.1
- (no CPE)range: < 3.6.15-1.1
- (no CPE)range: < 3.8.12-1.2
- (no CPE)range: < 3.9.7-2.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 3.5.1-3.8
- (no CPE)range: < 2.7.12-1.4
- (no CPE)range: < 2.7.12-1.5
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
Patches
Vulnerability mechanics
References
15- bugs.python.org/issue18709nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- lists.opensuse.org/opensuse-updates/2013-09/msg00026.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00027.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00028.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00029.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00042.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00043.htmlnvdVendor Advisory
- www.ubuntu.com/usn/USN-1982-1nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1582.htmlnvd
- seclists.org/fulldisclosure/2014/Dec/23nvd
- www.debian.org/security/2014/dsa-2880nvd
- www.securityfocus.com/archive/1/534161/100/0/threadednvd
- www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvd
News mentions
0No linked articles in our index yet.