CVE-2019-5010
published 2019-10-31CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | python2.7 | < python2.7 2.7.15-6 (bullseye) | python2.7 2.7.15-6 (bullseye) |
| opensuse | leap | — | — |
| python | python | — | — |
| python | python | >= 2.7.0 < 2.7.16 | 2.7.16 |
| python | python | >= 3.4.0 < 3.4.10 | 3.4.10 |
| python | python | >= 3.5.0 < 3.5.7 | 3.5.7 |
| python | python | >= 3.6.0 < 3.6.9 | 3.6.9 |
| python | python | >= 3.7.0 < 3.7.3 | 3.7.3 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.6HIGH