Colin Read

**Name of the Vulnerable Software and Affected Versions** Python versions 2.7.11 through 3.6.6 **Description** The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. The vulnerability is exploitable due to errors in pointer dereferencing. **Recommendations** For versions 2.7.11 through 3.6.6, consider disabling the X509 certificate parser until a patch is available. As a temporary workaround, restrict the use of TLS connections with crafted certificates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.