Medium severity5.9NVD Advisory· Published Jun 7, 2016· Updated May 6, 2026
CVE-2013-7440
CVE-2013-7440
Description
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Affected products
26cpe:2.3:a:python:python:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*range: <=2.7.8
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7News mentions
0No linked articles in our index yet.