{"id":"CVE-2013-4238","details":"The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","aliases":["PSF-2013-2"],"modified":"2026-04-16T01:42:20.519732147Z","published":"2013-08-18T02:52:22Z","withdrawn":"2026-01-27T04:11:42.975363Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2020:0114-1","SUSE-SU-2020:0234-1","openSUSE-SU-2020:0086-1","openSUSE-SU-2024:10100-1","openSUSE-SU-2024:10426-1","openSUSE-SU-2024:10450-1","openSUSE-SU-2024:10536-1","openSUSE-SU-2024:11283-1","openSUSE-SU-2024:11284-1","openSUSE-SU-2024:11285-1","openSUSE-SU-2024:11286-1","openSUSE-SU-2024:12089-1","openSUSE-SU-2024:12910-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1582.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-2880"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1982-1"},{"type":"ADVISORY","url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"type":"FIX","url":"http://bugs.python.org/issue18709"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=996381"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"}],"schema_version":"1.7.3"}