CVE-2019-5010 — NULL Pointer Dereference in Python

CWE-476 — NULL Pointer Dereference18 documents8 sources

Severity

7.5HIGHNVD

EPSS

5.4%

top 9.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Debian Linux Opensuse Leap +4 more

Timeline

PublishedOct 31

Latest updateJul 11

Description

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDpython/python2.7.0 — 2.7.16+4

▶CVEListV5python/pythonPython.org CPython 2.7.11 Python.org CPython 3.6.6 Python.org CPython 3.5.2 Python.org CPython 3 master at 480833808e918a1dcebbbcfd07d5a8de3c5c2a66

▶NVDopensuse/leap15.1

Also affects: Debian Linux 9.0, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6

🔴Vulnerability Details

GHSA

GHSA-jj99-2g8j-7j25: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python↗2022-05-24

▶

CVEList

CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python↗2019-10-31

▶

OSV

CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python↗2019-10-31

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2024-07-11

▶

Ubuntu

Python vulnerabilities↗2019-09-10

▶

Ubuntu

Python vulnerabilities↗2019-09-09

▶

Red Hat

python: NULL pointer dereference using a specially crafted X509 certificate↗2019-01-15

▶

Debian

CVE-2019-5010: python2.7 - An exploitable denial-of-service vulnerability exists in the X509 certificate pa...↗2019

▶

💬Community

Bugzilla

CVE-2019-5010 python34: python: NULL pointer dereference using a specially crafted X509 certificate [epel-all]↗2019-01-15

▶

Bugzilla

CVE-2019-5010 python3: python: NULL pointer dereference using a specially crafted X509 certificate [fedora-all]↗2019-01-15

▶

Bugzilla

CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate↗2019-01-15

▶

Bugzilla

CVE-2019-5010 python34: python: NULL pointer dereference using a specially crafted X509 certificate [fedora-all]↗2019-01-15

▶

Bugzilla

CVE-2019-5010 python36: python: NULL pointer dereference using a specially crafted X509 certificate [fedora-29]↗2019-01-15

▶