CVE-2019-5010

CVE-2019-5010

Name

CVE-2019-5010

Description

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758
REDHAT	https://access.redhat.com/errata/RHSA-2019:3520
REDHAT	https://access.redhat.com/errata/RHSA-2019:3725
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
GENTOO	https://security.gentoo.org/glsa/202003-26
MLIST	https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
MLIST	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
MLIST	https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html

Type

URI

Exploit

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758

REDHAT

https://access.redhat.com/errata/RHSA-2019:3520

REDHAT

https://access.redhat.com/errata/RHSA-2019:3725

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

GENTOO

https://security.gentoo.org/glsa/202003-26

MLIST

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

MLIST

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

MLIST

https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:python:python::::::::`	python	>= 3.0.0	<= 3.6.6
`cpe:2.3:a:python:python::::::::`	python	>= None	<= 2.7.11

CPE URI

Source package

Min version

Max version

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

python

>= 3.0.0

<= 3.6.6

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

python

>= None

<= 2.7.11

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
python3-tkinter	edge-main	3.6.8-r1	None	fixed
python3-tkinter	edge-community	3.6.8-r1	None	fixed
python3-tkinter	3.22-community	3.6.8-r1	None	fixed
python3-tkinter	3.21-community	3.6.8-r1	None	fixed
python3-tkinter	3.20-community	3.6.8-r1	None	fixed
python3-tkinter	3.19-community	3.6.8-r1	None	fixed
python3-tkinter	3.18-community	3.6.8-r1	None	fixed
python3-tkinter	3.17-community	3.6.8-r1	None	fixed
python3	edge-main	3.6.8-r1	None	fixed
python3	3.22-main	3.6.8-r1	None	fixed
python3	3.21-main	3.6.8-r1	None	fixed
python3	3.20-main	3.6.8-r1	None	fixed
python3	3.19-main	3.6.8-r1	None	fixed
python3	3.18-main	3.6.8-r1	None	fixed
python3	3.17-main	3.6.8-r1	None	fixed
python3	3.12-main	3.6.8-r1	None	fixed
python3	3.11-main	3.6.8-r1	None	fixed
python3	3.10-main	3.6.8-r1	None	fixed
python2	edge-community	2.7.15-r3	None	fixed
python2	3.12-main	2.7.15-r3	None	fixed
python2	3.11-main	2.7.15-r3	None	fixed
python2	3.10-main	2.7.15-r3	None	fixed

Source package

Branch

Version

Maintainer

Status

python3-tkinter

edge-main

3.6.8-r1

None

fixed

python3-tkinter

edge-community