It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for "www.foo.org\0.example.com" from a CA that a SSL client trusts, could use this to spoof "www.foo.org" and conduct man-in-the-middle attacks between the PyOpenSSL-using client and the SSL server.