← Back

CVE-2019-5010

nvd nist
Published: Oct 31, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Affected (18)

Products: Python: Python · Opensuse: Leap · Debian: Debian Linux · +1 more
Show all products
Python: Python · Opensuse: Leap · Debian: Debian Linux · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus
Python
1 product
Python
Opensuse
1 product
Leap
Debian
1 product
Debian Linux
Redhat
4 products
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux Server Aus
Enterprise Linux Server Tus
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Python
Python
From 2.7.0 to 2.7.16
Python
From 3.4.0 to 3.4.10
Python
From 3.5.0 to 3.5.7
Python
From 3.6.0 to 3.6.9
Python
From 3.7.0 to 3.7.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 15.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration D
11 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Redhat
Enterprise Linux Eus
Version 8.1
Enterprise Linux Eus
Version 8.2
Enterprise Linux Eus
Version 8.4
Enterprise Linux Eus
Version 8.6
Redhat
Enterprise Linux Server Aus
Version 8.2
Enterprise Linux Server Aus
Version 8.4
Enterprise Linux Server Aus
Version 8.6
Redhat
Enterprise Linux Server Tus
Version 8.2
Enterprise Linux Server Tus
Version 8.4
Enterprise Linux Server Tus
Version 8.6

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (16)

Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.