PT-2019-2581 · Python+6

Colin Read +1 · Published 2019-01-15 · Updated 2026-05-18 · CVE-2019-5010

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Python versions 2.7.11 through 3.6.6

Description

The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. The vulnerability is exploitable due to errors in pointer dereferencing.

Recommendations

For versions 2.7.11 through 3.6.6, consider disabling the X509 certificate parser until a patch is available. As a temporary workaround, restrict the use of TLS connections with crafted certificates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related identifiers

ALT-PU-2019-1149
ALT-PU-2019-1565
ALT-PU-2019-1685
BDU:2019-02457
CESA-2019_2030
CESA-2019_3520
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CLEANSTART-2026-WV76464
CVE-2019-5010
DLA-1663-1
DLA-1834-1
DLA-2280-1
DLA-2337-1
MGASA-2019-0084
MGASA-2019-0135
OPENSUSE-SU-2019:0155-1
OPENSUSE-SU-2019:0184-1
OPENSUSE-SU-2019_0155-1
OPENSUSE-SU-2019_0184-1
OPENSUSE-SU-2019_0292-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020:2332-1
OPENSUSE-SU-2020:2333-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2020_2332-1
OPENSUSE-SU-2020_2333-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2019-8
RHSA-2019:2030
RHSA-2019:3520
RHSA-2019:3725
RHSA-2019_2030
RHSA-2019_3520
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2019:0215-1
SUSE-SU-2019:0223-1
SUSE-SU-2019:0243-1
SUSE-SU-2019:0243-2
SUSE-SU-2019:0271-1
SUSE-SU-2019:0482-1
SUSE-SU-2019:0482-2
SUSE-SU-2019:14246-1
SUSE-SU-2019_0271-1
SUSE-SU-2019_14246-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:0302-1
SUSE-SU-2020:3563-1
SUSE-SU-2020:3930-1
USN-4127-1
USN-4127-2
USN-6891-1

Affected products

ALT Linux
CentOS
Linux Mint
Python
Red Hat
SUSE
Ubuntu