CVE-2013-4314 – Ubuntu Security Notice USN-1965-1

https://notcve.org/view.php?id=CVE-2013-4314

13 Sep 2013 — The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. La X509Extension en pyOpenSSL ante de 0.13.1 no maneja apropiadamente el carácter "\0" en el nombre de dominio en el campo Subject Alternative Name de un certificado X.509 que permite a atacantes man... • http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html • CWE-20: Improper Input Validation •