Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-5010
HistoryJan 18, 2019 - 12:00 a.m.

CVE-2019-5010

2019-01-1800:00:00
ubuntu.com
ubuntu.com
20
python
x509
certificate
vulnerability
denial of service
crafted
tls
connection

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.018

Percentile

88.4%

An exploitable denial-of-service vulnerability exists in the X509
certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted
X509 certificate can cause a NULL pointer dereference, resulting in a
denial of service. An attacker can initiate or accept TLS connections using
crafted certificates to trigger this vulnerability.

Bugs

Notes

Author Note
mdeslaur DoS is only possible in certain situations, see upstream bug report. Marking as low.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpython2.7< 2.7.15-4ubuntu4~18.04.1UNKNOWN
ubuntu18.10noarchpython2.7< 2.7.16-2~18.10UNKNOWN
ubuntu16.04noarchpython2.7< 2.7.12-1ubuntu0~16.04.8UNKNOWN
ubuntu14.04noarchpython3.4< 3.4.3-1ubuntu1~14.04.7+esm2UNKNOWN
ubuntu14.04noarchpython3.5< 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1UNKNOWN
ubuntu16.04noarchpython3.5< 3.5.2-2ubuntu0~16.04.8UNKNOWN
ubuntu18.04noarchpython3.6< 3.6.8-1~18.04.2UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.018

Percentile

88.4%