Nicolas Edet

**Name of the Vulnerable Software and Affected Versions** Python versions 2.7.11 through 3.6.6 **Description** The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. The vulnerability is exploitable due to errors in pointer dereferencing. **Recommendations** For versions 2.7.11 through 3.6.6, consider disabling the X509 certificate parser until a patch is available. As a temporary workaround, restrict the use of TLS connections with crafted certificates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p8 **Description** The issue allows remote attackers to cause a denial of service, resulting in the daemon crashing via a crypto-NAK packet. This problem exists due to an incorrect fix for a previous issue. **Recommendations** For versions prior to 4.2.8p8, update to version 4.2.8p8 or later to resolve the issue.