Python -- NULL pointer dereference vulnerability

2019-01-15T00:00:00
ID D74371D2-4FEE-11E9-A5CD-1DF8A848DE3D
Type freebsd
Reporter FreeBSD
Modified 2019-03-27T00:00:00

Description

Python Changelog:

bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.