Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9jm3-rkd6-67c1
Vulnerability ID VCID-9jm3-rkd6-67c1
Aliases CVE-2013-2099
Summary python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-407 Inefficient Algorithmic Complexity
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-399 Resource Management Errors
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.02979 https://api.first.org/data/v1/epss?cve=CVE-2013-2099
Reference id Reference type URL
http://bugs.python.org/issue17980
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json
https://api.first.org/data/v1/epss?cve=CVE-2013-2099
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
709066 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066
709067 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067
709068 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
709069 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069
709070 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
963260 https://bugzilla.redhat.com/show_bug.cgi?id=963260
GLSA-201401-04 https://security.gentoo.org/glsa/201401-04
RHSA-2014:1263 https://access.redhat.com/errata/RHSA-2014:1263
RHSA-2014:1690 https://access.redhat.com/errata/RHSA-2014:1690
RHSA-2015:0042 https://access.redhat.com/errata/RHSA-2015:0042
RHSA-2016:1166 https://access.redhat.com/errata/RHSA-2016:1166
USN-1983-1 https://usn.ubuntu.com/1983-1/
USN-1984-1 https://usn.ubuntu.com/1984-1/
USN-1985-1 https://usn.ubuntu.com/1985-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86753
EPSS Score 0.02979
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:08:18.071570+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json 38.6.0