CVE-2019-5010 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2019-5010?

CVE-2019-5010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5010?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Opensuse Leap, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.

Vulnerability Description

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Python	Python	>= 2.7.0, < 2.7.16
Opensuse	Leap	15.1
Debian	Debian Linux	9.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2

Related Weaknesses (CWE)

CWE-476

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3520Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3725Third Party Advisory
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202003-26Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758ExploitThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3520Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3725Third Party Advisory
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202003-26Third Party Advisory

FAQ

What is CVE-2019-5010?

CVE-2019-5010 is a vulnerability with a CVSS score of 7.5 (HIGH). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, res...

How severe is CVE-2019-5010?

CVE-2019-5010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5010?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Opensuse Leap, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.