PT-2019-2581 · Python+6

Colin Read +1 · Published 2019-01-15 · Updated 2026-05-18 · CVE-2019-5010

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Python versions 2.7.11 through 3.6.6

Description

The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. The vulnerability is exploitable due to errors in pointer dereferencing.

Recommendations

For versions 2.7.11 through 3.6.6, consider disabling the X509 certificate parser until a patch is available. As a temporary workaround, restrict the use of TLS connections with crafted certificates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1149
ALT-PU-2019-1565
ALT-PU-2019-1685
BDU:2019-02457
CESA-2019_2030
CESA-2019_3520
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CLEANSTART-2026-WV76464
CVE-2019-5010
DLA-1663-1
DLA-1834-1
DLA-2280-1
DLA-2337-1
MGASA-2019-0084
MGASA-2019-0135
OPENSUSE-SU-2019:0155-1
OPENSUSE-SU-2019:0184-1
OPENSUSE-SU-2019_0155-1
OPENSUSE-SU-2019_0184-1
OPENSUSE-SU-2019_0292-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020:2332-1
OPENSUSE-SU-2020:2333-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2020_2332-1
OPENSUSE-SU-2020_2333-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2019-8
RHSA-2019:2030
RHSA-2019:3520
RHSA-2019:3725
RHSA-2019_2030
RHSA-2019_3520
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2019:0215-1
SUSE-SU-2019:0223-1
SUSE-SU-2019:0243-1
SUSE-SU-2019:0243-2
SUSE-SU-2019:0271-1
SUSE-SU-2019:0482-1
SUSE-SU-2019:0482-2
SUSE-SU-2019:14246-1
SUSE-SU-2019_0271-1
SUSE-SU-2019_14246-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:0302-1
SUSE-SU-2020:3563-1
SUSE-SU-2020:3930-1
USN-4127-1
USN-4127-2
USN-6891-1

Affected Products

ALT Linux
CentOS
Linux Mint
Python
Red Hat
SUSE
Ubuntu