CVE-2013-4314: Input Validation
First published: Fri Sep 06 2013(Updated: )
The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that contain null bytes. In all releases prior to 0.13.1, the string formatting of subjectAltName X509Extension instances incorrectly truncated fields of the name when encountering the null byte. When a CA than an SSL client trusts issues a server certificate that has a null byte in the subjectAltName, remote attackers can obtain a certifcate for 'www.foo.org\0.example.com' from the CA to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the pyOpenSSL-using client and SSL servers. [1] <a href="https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html">https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pyOpenSSL | <0.13.1 | 0.13.1 |
| pip/pyOpenSSL | <0.13.1 | 0.13.1 |
| pyOpenSSL | <=0.13 | |
| pyOpenSSL | =0.7 | |
| pyOpenSSL | =0.8-a1 | |
| pyOpenSSL | =0.9 | |
| pyOpenSSL | =0.10 | |
| pyOpenSSL | =0.11 | |
| pyOpenSSL | =0.11-a1 | |
| pyOpenSSL | =0.11-a2 | |
| pyOpenSSL | =0.12 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Ubuntu Linux | =13.04 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html
- http://www.debian.org/security/2013/dsa-2763
- http://www.openwall.com/lists/oss-security/2013/09/06/2
- http://www.ubuntu.com/usn/USN-1965-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1005325
- https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1005428
- https://access.redhat.com/security/cve/CVE-2013-4314
- http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/169
- https://docs.python.org/2/c-api/arg.html
- https://nvd.nist.gov/vuln/detail/CVE-2013-4314
- https://github.com/pyca/pyopenssl/commit/6bbf44a00b35fb28df1f66aa194b2fe95eab1ab2
- https://github.com/advisories/GHSA-6748-36qp-fx6r (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2013-31.yaml
Frequently Asked Questions
What is the severity of CVE-2013-4314?
CVE-2013-4314 is classified as a moderate severity vulnerability.
How do I fix CVE-2013-4314?
To fix CVE-2013-4314, upgrade pyOpenSSL to version 0.13.1 or later.
Which versions of pyOpenSSL are affected by CVE-2013-4314?
CVE-2013-4314 affects all versions of pyOpenSSL prior to 0.13.1.
What kind of vulnerability is CVE-2013-4314?
CVE-2013-4314 involves improper handling of hostnames containing null bytes in the pyOpenSSL module.
Is there a patch available for CVE-2013-4314?
Yes, a patch is available by upgrading pyOpenSSL to version 0.13.1.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4314
- agent/software-canonical-lookup
- agent/weakness
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-6748-36qp-fx6r
- agent/last-modified-date
- agent/severity
- agent/references
- collector/github-advisory
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/pip
- vendor/jean-paul calderone
- canonical/pyopenssl
- version/pyopenssl/0.13
- version/pyopenssl/0.7
- version/pyopenssl/0.8-a1
- version/pyopenssl/0.9
- version/pyopenssl/0.10
- version/pyopenssl/0.11
- version/pyopenssl/0.11-a1
- version/pyopenssl/0.11-a2
- version/pyopenssl/0.12
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- version/ubuntu linux/13.04
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.04