CVE-2019-5010

MEDIUM

Description

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

https://access.redhat.com/errata/RHSA-2019:3520

https://access.redhat.com/errata/RHSA-2019:3725

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html

https://security.gentoo.org/glsa/202003-26

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758

Details

Source: MITRE

Published: 2019-10-31

Updated: 2020-08-22

Type: CWE-476

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to 2.7.11 (inclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.6.6 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 145658 | CentOS 8 : python3 (CESA-2019:3520) | Nessus | CentOS Local Security Checks | medium |
| 145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | high |
| 145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | high |
| 144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | high |
| 143646 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1) | Nessus | SuSE Local Security Checks | medium |
| 139757 | Debian DLA-2337-1 : python2.7 security update | Nessus | Debian Local Security Checks | medium |
| 138529 | Debian DLA-2280-1 : python3.5 security update | Nessus | Debian Local Security Checks | medium |
| 134603 | GLSA-202003-26 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 133448 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1) | Nessus | SuSE Local Security Checks | high |
| 133259 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 133172 | openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 133036 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 132534 | Photon OS 2.0: Python2 PHSA-2019-2.0-0190 | Nessus | PhotonOS Local Security Checks | medium |
| 132527 | Photon OS 1.0: Python2 PHSA-2019-1.0-0257 | Nessus | PhotonOS Local Security Checks | medium |
| 132508 | NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2019-0229) | Nessus | NewStart CGSL Local Security Checks | medium |
| 130548 | RHEL 8 : python3 (RHSA-2019:3520) | Nessus | Red Hat Local Security Checks | medium |
| 129884 | NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187) | Nessus | NewStart CGSL Local Security Checks | medium |
| 128631 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128333 | CentOS 7 : python (CESA-2019:2030) | Nessus | CentOS Local Security Checks | medium |
| 128254 | Scientific Linux Security Update : python on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127651 | RHEL 7 : python (RHSA-2019:2030) | Nessus | Red Hat Local Security Checks | medium |
| 126383 | Amazon Linux 2 : python (ALAS-2019-1230) | Nessus | Amazon Linux Local Security Checks | medium |
| 126222 | Debian DLA-1834-1 : python2.7 security update | Nessus | Debian Local Security Checks | medium |
| 125578 | EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2019-1626) | Nessus | Huawei Local Security Checks | medium |
| 125521 | EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1594) | Nessus | Huawei Local Security Checks | medium |
| 124937 | EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434) | Nessus | Huawei Local Security Checks | critical |
| 124735 | EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1357) | Nessus | Huawei Local Security Checks | medium |
| 124624 | EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1338) | Nessus | Huawei Local Security Checks | medium |
| 124622 | EulerOS 2.0 SP2 : python (EulerOS-SA-2019-1336) | Nessus | Huawei Local Security Checks | medium |
| 124511 | Fedora 30 : python34 (2019-7d9f3cf3ce) | Nessus | Fedora Local Security Checks | medium |
| 124492 | Fedora 30 : python35 (2019-51f1e08207) | Nessus | Fedora Local Security Checks | medium |
| 124470 | Fedora 30 : python2 / python2-docs (2019-0c91ce7b3c) | Nessus | Fedora Local Security Checks | medium |
| 123480 | Fedora 28 : python35 (2019-cf725dd20b) | Nessus | Fedora Local Security Checks | medium |
| 123476 | Fedora 28 : python34 (2019-6baeb15da3) | Nessus | Fedora Local Security Checks | medium |
| 123475 | Fedora 29 : python34 (2019-6b02154aa0) | Nessus | Fedora Local Security Checks | medium |
| 123144 | FreeBSD : Python -- NULL pointer dereference vulnerability (d74371d2-4fee-11e9-a5cd-1df8a848de3d) | Nessus | FreeBSD Local Security Checks | medium |
| 123140 | Fedora 29 : python35 (2019-6e1938a3c5) | Nessus | Fedora Local Security Checks | medium |
| 123082 | Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1169) | Nessus | Amazon Linux Local Security Checks | medium |
| 122675 | Amazon Linux 2 : python3 (ALAS-2019-1169) | Nessus | Amazon Linux Local Security Checks | medium |
| 122642 | openSUSE Security Update : python (openSUSE-2019-292) | Nessus | SuSE Local Security Checks | medium |
| 122577 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-062-01) | Nessus | Slackware Local Security Checks | medium |
| 122446 | SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:0482-1) | Nessus | SuSE Local Security Checks | medium |
| 122226 | openSUSE Security Update : python (openSUSE-2019-184) | Nessus | SuSE Local Security Checks | medium |
| 122091 | openSUSE Security Update : python3 (openSUSE-2019-155) | Nessus | SuSE Local Security Checks | medium |
| 122036 | Debian DLA-1663-1 : python3.4 security update | Nessus | Debian Local Security Checks | critical |
| 121636 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:0271-1) | Nessus | SuSE Local Security Checks | medium |
| 121616 | SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:0243-1) | Nessus | SuSE Local Security Checks | medium |
| 121579 | Fedora 29 : python36 (2019-7eb6d3b8ea) | Nessus | Fedora Local Security Checks | medium |
| 121577 | Fedora 28 : python3 (2019-6fafd84f5d) | Nessus | Fedora Local Security Checks | medium |
| 121570 | SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 121540 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2019:0215-1) | Nessus | SuSE Local Security Checks | medium |
| 121402 | Fedora 28 : python37 (2019-b8ffb3768d) | Nessus | Fedora Local Security Checks | medium |
| 121332 | Fedora 29 : anaconda / python3 (2019-00870e8bfc) | Nessus | Fedora Local Security Checks | medium |