{"id":"PSF-2013-2","summary":"ssl: NULL in subjectAltNames","details":"The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","aliases":["CVE-2013-4238"],"modified":"2026-05-18T05:45:30.127764457Z","published":"2013-08-18T01:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://bugs.python.org/issue18709"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"82f88283171933127f20f866a7f98694b29cca56"},{"fixed":"ec3c103520a5061e657581b388e2b8ba6f74602a"}]}],"versions":["v3.2.5","v3.2.4","v3.2.4rc1","v2.6.8","v2.6.8rc2","v2.6.8rc1","v2.6.7","v3.2","v3.2rc3","v3.2rc2","v3.2rc1","v3.2b2","v3.2b1","v3.2a4","v3.2a3","v3.2a2","v2.6.6","v2.6.6rc2","v2.6.6rc1","v3.2a1","v2.6.5","v2.6.5rc2","v2.6.5rc1","v2.6.4","v2.6.4rc2","v2.6.4rc1","v2.6.3","v2.6.3rc1","v3.1","v3.1rc2","v3.1rc1","v3.1b1","v2.6.2","v2.6.2c1","v3.1a2","v3.1a1","v2.6.1","v3.0rc3","v3.0rc2","v2.6","v2.6rc2","v3.0rc1","v2.6rc1","v3.0b3","v2.6b3","v2.6b2","v3.0b2","v2.6b1","v3.0b1","v2.6a3","v3.0a5","v2.6a2","v3.0a4","v3.0a3","v2.6a1","v3.0a2","v3.0a1","v2.5b3","v2.5b2","v2.5b1","v2.5a2","v2.5a1","v2.5a0","v2.4","v2.4c1","v2.4b2","v2.4b1","v2.4a3","v2.4a2","v2.4a1","v2.3c2","v2.3c1","v2.2a3","v2.1","v2.1c2","v2.1c1","v2.1b2","v2.1b1","v2.1a2","v2.1a1","v2.0","v2.0c1","v2.0b2","v2.0b1","v1.6a2","v1.6a1","v1.5.2","v1.5.2c1","v1.5.2b2","v1.5.2b1","v1.5.2a2","v1.5.2a1","v1.5.1","v1.5","v1.5b2","v1.5b1","v1.5a4","v1.5a3","v1.5a2","v1.5a1","v1.4","v1.4b3","v1.4b2","v1.4b1","v1.3","v1.3b1","v1.2","v1.2b4","v1.2b3","v1.2b2","v1.2b1","v1.1.1","v1.1","v1.0.2","v1.0.1","v0.9.9","v0.9.8"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2013-2.json"}}],"schema_version":"1.7.5"}