VDB
CVE-2013-4314
CVE-2013-4314
PUBLISHED
CVSS 4.300000190734863 MEDIUM
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
EPSS 0.25% · 48.5th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.25%
48.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | pyOpenSSL | 0 |
| canonical | ubuntu_linux | 12.04, 12.10, 13.04 |
| jean-paul_calderone | pyopenssl | 0.11, 0.12, 0 |
| n/a | n/a | n/a |
Timeline
- Sep 30, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- DSA-2763 vendor-advisory
- [pyOpenSSL-Users] 20130904 pyOpenSSL 0.13.1 mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=1005325 url
- openSUSE-SU-2013:1648 vendor-advisory
- [oss-security] 20130906 Re: CVE request: pyOpenSSL hostname check bypassing vulnerability mailing-list
- USN-1965-1 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-4314 advisory
- https://github.com/pyca/pyopenssl/commit/6bbf44a00b35fb28df1f66aa194b2fe95eab1ab2 url
- https://github.com/pyca/pyopenssl package
- https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2013-31.yaml url