{"id":"PSF-2013-2","summary":"ssl: NULL in subjectAltNames","details":"The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","aliases":["CVE-2013-4238"],"modified":"2025-10-09T01:07:24.408465Z","published":"2013-08-18T01:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://bugs.python.org/issue18709"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"82f88283171933127f20f866a7f98694b29cca56"},{"fixed":"ec3c103520a5061e657581b388e2b8ba6f74602a"}]}],"versions":["2.5","v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5.3","v2.5.3c1","v2.5.4","v2.5.5","v2.5.5c1","v2.5.5c2","v2.5.6","v2.5.6c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2","v2.6","v2.6.1","v2.6.2","v2.6.2c1","v2.6.3","v2.6.3rc1","v2.6.4","v2.6.4rc1","v2.6.4rc2","v2.6.5","v2.6.5rc1","v2.6.5rc2","v2.6.6","v2.6.6rc1","v2.6.6rc2","v2.6.7","v2.6.8","v2.6.8rc1","v2.6.8rc2","v2.6a1","v2.6a2","v2.6a3","v2.6b1","v2.6b2","v2.6b3","v2.6rc1","v2.6rc2","v2.7","v2.7.1","v2.7.1rc1","v2.7.2","v2.7.2rc1","v2.7.3","v2.7.3rc1","v2.7.3rc2","v2.7a1","v2.7a2","v2.7a3","v2.7a4","v2.7b1","v2.7b2","v2.7rc1","v2.7rc2","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.1.1","v3.1.1rc1","v3.1.2","v3.1.2rc1","v3.1.3","v3.1.3rc1","v3.1.4","v3.1.4rc1","v3.1.5","v3.1.5rc1","v3.1.5rc2","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2","v3.2.1","v3.2.1b1","v3.2.1rc1","v3.2.1rc2","v3.2.2","v3.2.2rc1","v3.2.3","v3.2.3rc1","v3.2.3rc2","v3.2.4","v3.2.4rc1","v3.2.5","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3"],"database_specific":{"vanir_signatures":[{"target":{"file":"Modules/_ssl.c"},"source":"https://github.com/python/cpython/commit/82f88283171933127f20f866a7f98694b29cca56","deprecated":false,"id":"PSF-2013-2-04d4aa5a","digest":{"threshold":0.9,"line_hashes":["208476072018703374169705949281975767378","27165912587214076874359125077530548518","315990163309743018432116170712701824069","16502815811077818532398841776126361458","153838115004027901382976872871093713864","116737434654397694070227751028478479487","201485418855318729409495772323686141196","205712877832216404655709859647738578952","65123699377914112943705372694572766342","217558669058264310948011973600883778618","126438800798347972348611030803392248008","271522026747002048919267003663030145729","198029677352766576298626273114201548235","9967940187708458286748735264491630499","284153787139370919685701502369938440369","247846963957053206303308641289118312148","271522026747002048919267003663030145729","224726372933653730734229496088504105210","305963829634363421081230092522916401593","243992615745365601462973855290326203357"]},"signature_type":"Line","signature_version":"v1"},{"target":{"file":"Modules/_ssl.c"},"source":"https://github.com/python/cpython/commit/ec3c103520a5061e657581b388e2b8ba6f74602a","deprecated":false,"id":"PSF-2013-2-7a608571","digest":{"threshold":0.9,"line_hashes":["267195821947465670376880628645124211509","66794394928692160847769070482100396933","35445144585062615840440184453341086890","9314011799575976869770951580840136823","201485418855318729409495772323686141196","205712877832216404655709859647738578952","65123699377914112943705372694572766342","217558669058264310948011973600883778618","126438800798347972348611030803392248008","271522026747002048919267003663030145729","198029677352766576298626273114201548235","9967940187708458286748735264491630499","284153787139370919685701502369938440369","247846963957053206303308641289118312148","271522026747002048919267003663030145729","224726372933653730734229496088504105210","305963829634363421081230092522916401593","243992615745365601462973855290326203357"]},"signature_type":"Line","signature_version":"v1"},{"target":{"function":"newPySSLObject","file":"Modules/_ssl.c"},"source":"https://github.com/python/cpython/commit/82f88283171933127f20f866a7f98694b29cca56","deprecated":false,"id":"PSF-2013-2-884b1a21","digest":{"length":2918,"function_hash":"309199277346399668667350174286899743690"},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"_get_peer_alt_names","file":"Modules/_ssl.c"},"source":"https://github.com/python/cpython/commit/82f88283171933127f20f866a7f98694b29cca56","deprecated":false,"id":"PSF-2013-2-fd000e40","digest":{"length":2226,"function_hash":"325444891445462604615767600577434733812"},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"_get_peer_alt_names","file":"Modules/_ssl.c"},"source":"https://github.com/python/cpython/commit/ec3c103520a5061e657581b388e2b8ba6f74602a","deprecated":false,"id":"PSF-2013-2-fd25439a","digest":{"length":2354,"function_hash":"231472686733229083479575063711306808999"},"signature_type":"Function","signature_version":"v1"}],"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2013-2.json"}}],"schema_version":"1.7.3"}