Total vulnerabilities in the database
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| python / python | 3.1 | 3.1.x |
| python / python | 3.1.1 | 3.1.1.x |
| python / python | 3.0 | 3.0.x |
| python / python | 2.6.6 | 2.6.6.x |
| python / python | 3.0.1 | 3.0.1.x |
| python / python | 2.7.1150 | 2.7.1150.x |
| python / python | 3.3 | 3.3.x |
| python / python | 2.6.1 | 2.6.1.x |
| python / python | 3.1.5 | 3.1.5.x |
| python / python | 3.2.2150 | 3.2.2150.x |
| python / python | 2.6.3 | 2.6.3.x |
| python / python | 2.6.2150 | 2.6.2150.x |
| python / python | 2.7.1 | 2.7.1.x |
| python / python | 3.1.2150 | 3.1.2150.x |
| python / python | 3.1.2 | 3.1.2.x |
| python / python | 2.6.8 | 2.6.8.x |
| python / python | 2.6.7 | 2.6.7.x |
| python / python | 2.7.3 | 2.7.3.x |
| python / python | 2.7.1-rc1 | 2.7.1-rc1.x |
| python / python | 3.2.3 | 3.2.3.x |
| python / python | 2.6.4 | 2.6.4.x |
| python / python | 2.7.2-rc1 | 2.7.2-rc1.x |
| python / python | 2.6.6150 | 2.6.6150.x |
| python / python | 3.2 | 3.2.x |
| python / python | 2.6.2 | 2.6.2.x |
| python / python | 3.4-alpha1 | 3.4-alpha1.x |
| python / python | 2.7.2150 | 2.7.2150.x |
| python / python | 3.2-alpha | 3.2-alpha.x |
| python / python | 3.3-beta2 | 3.3-beta2.x |
| python / python | 2.6.5 | 2.6.5.x |
| python / python | 3.1.3 | 3.1.3.x |
| python / python | 3.1.4 | 3.1.4.x |
| opensuse / opensuse | 12.3 | 12.3.x |
| opensuse / opensuse | 11.4 | 11.4.x |
| opensuse / opensuse | 12.2 | 12.2.x |