[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
Florian Weimer
report at bugs.python.org
Thu May 16 14:50:10 CEST 2013
Florian Weimer added the comment:
The host name is looked up to get the IP address to connect to. The lookup will fail if the host name is longer than 255 characters, and the crafted certificate is never retrieved.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
More information about the Python-bugs-list
mailing list