NULL Pointer Dereference in python2.7

Do your applications use this vulnerable package? Test your applications

Overview

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

References

ADVISORY
Debian Security Tracker
GENTOO
MLIST
MLIST
MLIST
RHSA Security Advisory
RHSA Security Advisory
SUSE
Talos Vulnerability Report
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-5010
CWE: CWE-476
Snyk ID: SNYK-DEBIAN8-PYTHON27-306432
Disclosed: 31 Oct, 2019
Published: 16 Jan, 2019

NULL Pointer Dereference
Affecting python2.7 package, versions <2.7.9-2+deb8u3

Overview

References

CVSS Score

NULL Pointer Dereference Affecting python2.7 package, versions <2.7.9-2+deb8u3

Overview

References

NULL Pointer Dereference
Affecting python2.7 package, versions <2.7.9-2+deb8u3