{"id":"UBUNTU-CVE-2013-2099","details":"Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.","modified":"2026-02-04T04:18:03.900978Z","published":"2013-05-16T00:00:00Z","related":["USN-1983-1","USN-1984-1","USN-1985-1"],"upstream":["CVE-2013-2099"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-2099"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2013/05/16/6"},{"type":"REPORT","url":"http://bugs.python.org/issue17980"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-1983-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-1985-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-1984-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-2099"}],"affected":[{"package":{"name":"w3af","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/w3af@1.1svn5547-1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1svn5547-1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1svn5547-1.1","binary_name":"w3af"},{"binary_version":"1.1svn5547-1.1","binary_name":"w3af-console"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-2099.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}